Overview

overview

8

Static

static

aec547bd6f...49.exe

windows7-x64

8

aec547bd6f...49.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aec547bd6f6fc9641f57bdb45f16037625ac38daa62ba12e38cdc9baff4b9749

  • Size

    1.1MB

  • Sample

    221204-znkqlseb57

  • MD5

    a61feb0a318c12f8fe9345f0d02617f0

  • SHA1

    4c927ecb6e5062f5f4f27301724a3931adcc7e1f

  • SHA256

    aec547bd6f6fc9641f57bdb45f16037625ac38daa62ba12e38cdc9baff4b9749

  • SHA512

    75f2206c666c319a7fcce29e5945f39773d6d0715532aef1d3a20761f033290832efe5299dacadb0ab6ccdbdc531a5c78dc14eaadce5fc4793368c2d691a99e7

  • SSDEEP

    24576:xtTLFhzZCwejpJf2Zv5WcdbCOqdrtzZXzcDc4hF/Qwoh44w3yv2qGAm7:nTLfzZC5p6RFByVZggi/M4jiRGP

Score
8/10
bootkitdiscoveryexploitpersistence

Malware Config

Targets

    • Target

      aec547bd6f6fc9641f57bdb45f16037625ac38daa62ba12e38cdc9baff4b9749

    • Size

      1.1MB

    • MD5

      a61feb0a318c12f8fe9345f0d02617f0

    • SHA1

      4c927ecb6e5062f5f4f27301724a3931adcc7e1f

    • SHA256

      aec547bd6f6fc9641f57bdb45f16037625ac38daa62ba12e38cdc9baff4b9749

    • SHA512

      75f2206c666c319a7fcce29e5945f39773d6d0715532aef1d3a20761f033290832efe5299dacadb0ab6ccdbdc531a5c78dc14eaadce5fc4793368c2d691a99e7

    • SSDEEP

      24576:xtTLFhzZCwejpJf2Zv5WcdbCOqdrtzZXzcDc4hF/Qwoh44w3yv2qGAm7:nTLfzZC5p6RFByVZggi/M4jiRGP

    Score
    8/10
    bootkitdiscoveryexploitpersistence

    • Executes dropped EXE

    • Possible privilege escalation attempt

      exploit

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks