e0e50205f43a14048bf22c8442fa55a0467b828529e78a4927a6b39a35c6a947 | Triage

Submit
Reports

Overview

overview

8

Static

static

just your ...le.exe

windows7-x64

1

just your ...le.exe

windows10-2004-x64

8

Sharing

General

Target

just your average executable.exe
Size

39.6MB
Sample

221206-ccg41sba5s
MD5

c4a04acc0b0133787d58d91338b35556
SHA1

308d43a455d578e7305293ff01174ba39884a1f1
SHA256

e0e50205f43a14048bf22c8442fa55a0467b828529e78a4927a6b39a35c6a947
SHA512

2f81114158c1deaffb2a79462d1f8d32fad6ed8e4a6ad0a7d7aa243a6ef06e90c3f0b88325fb70f27f7d02cbdd1d6d6281b9373f0c813fb981757cfd3b7ef767
SSDEEP

786432:1QQ+DLvsiBiFOMCdQCKiK/yRtlO1kXxFkA0mRoe653PDlTmJ46qShdKG543yMF:GQcv6NKpbtllXxKLmee653PRqDrKG5u5

Score

8^/10

bootkit persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

just your average executable.exe

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

just your average executable.exe

Resource

win10v2004-20220812-en

bootkit persistence ransomware

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  just your average executable.exe
- Size
  
  39.6MB
- MD5
  
  c4a04acc0b0133787d58d91338b35556
- SHA1
  
  308d43a455d578e7305293ff01174ba39884a1f1
- SHA256
  
  e0e50205f43a14048bf22c8442fa55a0467b828529e78a4927a6b39a35c6a947
- SHA512
  
  2f81114158c1deaffb2a79462d1f8d32fad6ed8e4a6ad0a7d7aa243a6ef06e90c3f0b88325fb70f27f7d02cbdd1d6d6281b9373f0c813fb981757cfd3b7ef767
- SSDEEP
  
  786432:1QQ+DLvsiBiFOMCdQCKiK/yRtlO1kXxFkA0mRoe653PDlTmJ46qShdKG543yMF:GQcv6NKpbtllXxKLmee653PRqDrKG5u5
Score

8^/10

bootkit persistence ransomware
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Tasks

static1

behavioral1

behavioral2

bootkitpersistenceransomware

© 2018-2024

Terms | Privacy