e6d1cc9b4d77102127eb3f6e2d1041bca1336bf0712faed2e9d8e12b6e90f696 | Triage

Sharing

General

Target

e6d1cc9b4d77102127eb3f6e2d1041bca1336bf0712faed2e9d8e12b6e90f696
Size

600KB
Sample

221205-c46lpahb58
MD5

efefc226591ab95fe3e4727537ef5aec
SHA1

aae4b0c999668ccf159606f39198bd4f683bb20c
SHA256

e6d1cc9b4d77102127eb3f6e2d1041bca1336bf0712faed2e9d8e12b6e90f696
SHA512

409421763c42f0f6f33d98d0c5a7e8042ec8d05fcf870605846514207dca1a1e2406fce4ef503a0d1c543ed1979ec794c2912898a0db5d3400b766e7c7655b07
SSDEEP

12288:lFszBhqS5mEA7/GY4FLp5eknFF3JbooW1IVFAIgDZkWP+7:lFszWS5m7WFLp5zf3JbooW14AIgDA7

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  e6d1cc9b4d77102127eb3f6e2d1041bca1336bf0712faed2e9d8e12b6e90f696
- Size
  
  600KB
- MD5
  
  efefc226591ab95fe3e4727537ef5aec
- SHA1
  
  aae4b0c999668ccf159606f39198bd4f683bb20c
- SHA256
  
  e6d1cc9b4d77102127eb3f6e2d1041bca1336bf0712faed2e9d8e12b6e90f696
- SHA512
  
  409421763c42f0f6f33d98d0c5a7e8042ec8d05fcf870605846514207dca1a1e2406fce4ef503a0d1c543ed1979ec794c2912898a0db5d3400b766e7c7655b07
- SSDEEP
  
  12288:lFszBhqS5mEA7/GY4FLp5eknFF3JbooW1IVFAIgDZkWP+7:lFszWS5m7WFLp5zf3JbooW14AIgDA7
Score

8^/10

bootkit persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2