bc706cef89e58b646644574947f9573fe2905bf0d0a591380b3ee90d08bbd7bb | Triage

Sharing

General

Target

bc706cef89e58b646644574947f9573fe2905bf0d0a591380b3ee90d08bbd7bb
Size

35KB
Sample

221205-3tlrmscb9v
MD5

c625cce29c5fe19400e2de57151ad590
SHA1

4c0efd99fbe04196ac76ebcd4c04dbe34f9017fd
SHA256

bc706cef89e58b646644574947f9573fe2905bf0d0a591380b3ee90d08bbd7bb
SHA512

ee5f04fd12b783c167a9703888a282a82af364b26c82522b3ec73c5d612a02eb95504bcf9f3b1b3460c4adfdc3810907ef946cf325479ad67f14aba26fa4d294
SSDEEP

192:IlZOjmkVgytDYYEMr01NMEKycW5aC3sPFMkDazZlMRakfiqTk3cMa27OYYaOCIXm:I/IdtlE2yb3sPFxTMcVg48IrXk

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  bc706cef89e58b646644574947f9573fe2905bf0d0a591380b3ee90d08bbd7bb
- Size
  
  35KB
- MD5
  
  c625cce29c5fe19400e2de57151ad590
- SHA1
  
  4c0efd99fbe04196ac76ebcd4c04dbe34f9017fd
- SHA256
  
  bc706cef89e58b646644574947f9573fe2905bf0d0a591380b3ee90d08bbd7bb
- SHA512
  
  ee5f04fd12b783c167a9703888a282a82af364b26c82522b3ec73c5d612a02eb95504bcf9f3b1b3460c4adfdc3810907ef946cf325479ad67f14aba26fa4d294
- SSDEEP
  
  192:IlZOjmkVgytDYYEMr01NMEKycW5aC3sPFMkDazZlMRakfiqTk3cMa27OYYaOCIXm:I/IdtlE2yb3sPFxTMcVg48IrXk
Score

8^/10

bootkit persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence