Overview

overview

8

Static

static

geometryda...4y.exe

windows10-1703-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    geometrydashmenu_SUnBLS4y.exe

  • Size

    4.4MB

  • Sample

    221204-hklp3aeg28

  • MD5

    991903b93446afde2fdc398a5476d8d3

  • SHA1

    a79a5f5b137f65a2f3f0563576016c2d5c263549

  • SHA256

    9d470a00d89f4fe101085e3ed877a1d6e6da272a58356cbd92d3f9521ca7670d

  • SHA512

    890e8b0e14a308ce45b5a87a3c924ccdb40f8e8ed93bb2420c39e1b62bc81511af0ac15b8e8807aafd9cb3e085633c90f9d7b40fdcf0f2189e4a9d40f3b1fac2

  • SSDEEP

    98304:MGrYkNnl4tpiVYCdWaG5Ym/V8BWYYnQXy7M81O3w8oXy15w:MUnFlqiV1d+/8sQiwKOgRXCO

Score
8/10
bootkitdiscoverypersistence

Malware Config

Targets

    • Target

      geometrydashmenu_SUnBLS4y.exe

    • Size

      4.4MB

    • MD5

      991903b93446afde2fdc398a5476d8d3

    • SHA1

      a79a5f5b137f65a2f3f0563576016c2d5c263549

    • SHA256

      9d470a00d89f4fe101085e3ed877a1d6e6da272a58356cbd92d3f9521ca7670d

    • SHA512

      890e8b0e14a308ce45b5a87a3c924ccdb40f8e8ed93bb2420c39e1b62bc81511af0ac15b8e8807aafd9cb3e085633c90f9d7b40fdcf0f2189e4a9d40f3b1fac2

    • SSDEEP

      98304:MGrYkNnl4tpiVYCdWaG5Ym/V8BWYYnQXy7M81O3w8oXy15w:MUnFlqiV1d+/8sQiwKOgRXCO

    Score
    8/10
    bootkitdiscoverypersistence

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks