General

  • Target

    03ea897d7bec0c1ea287304dae1fc0b78f19a7c82bf1e4417e8aa69d00923e59

  • Size

    3.1MB

  • Sample

    221125-pmywqsbe8v

  • MD5

    0add3a63cf39aa9436807b667aa3f973

  • SHA1

    25e4eb923295d24c2289eb30ad051da69ba0ea0a

  • SHA256

    03ea897d7bec0c1ea287304dae1fc0b78f19a7c82bf1e4417e8aa69d00923e59

  • SHA512

    5ba280e80d0f3014f62509a0a14d51eee7e16c5be1f73d83e4fd3df7aeef646819229eac727c4d6c585c490a5b394fdbe85e5105e95227d7a44e6f188b310035

  • SSDEEP

    49152:F1nkw2v+uScaItw/WvKsStJnZe/UwFwYiPh9Vxm2/SKIbZSAkuE+L:FmwDIC/WvKRJnZeNFiVxT/SKINlkuE+L

Score
7/10

Targets

    • Target

      03ea897d7bec0c1ea287304dae1fc0b78f19a7c82bf1e4417e8aa69d00923e59

    • Size

      3.1MB

    • MD5

      0add3a63cf39aa9436807b667aa3f973

    • SHA1

      25e4eb923295d24c2289eb30ad051da69ba0ea0a

    • SHA256

      03ea897d7bec0c1ea287304dae1fc0b78f19a7c82bf1e4417e8aa69d00923e59

    • SHA512

      5ba280e80d0f3014f62509a0a14d51eee7e16c5be1f73d83e4fd3df7aeef646819229eac727c4d6c585c490a5b394fdbe85e5105e95227d7a44e6f188b310035

    • SSDEEP

      49152:F1nkw2v+uScaItw/WvKsStJnZe/UwFwYiPh9Vxm2/SKIbZSAkuE+L:FmwDIC/WvKRJnZeNFiVxT/SKINlkuE+L

    Score
    7/10
    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v6
