d0f23135e309d5e8f6dad29e1be5a64a8c190db9dc27e6c116c50428ce6484f1 | Triage

Submit
Reports

Overview

overview

7

Static

static

d0f23135e3...f1.exe

windows7-x64

6

d0f23135e3...f1.exe

windows10-2004-x64

7

Sharing

General

Target

d0f23135e309d5e8f6dad29e1be5a64a8c190db9dc27e6c116c50428ce6484f1
Size

262KB
Sample

221206-hxeghsdh32
MD5

c0c52c104575f1ec2a53cb1becb4224f
SHA1

48bb0040bdedc4c074df3913c60cf97492ecb05e
SHA256

d0f23135e309d5e8f6dad29e1be5a64a8c190db9dc27e6c116c50428ce6484f1
SHA512

447135f37dcac3bb7ecacbdfecf2bf4f6fdd5e6b625d0feec0884119ed5ec5f00b7029c5184e5b88e9705725cb2663cab09bfcaff838df33b02f1c5cc90a3337
SSDEEP

6144:yw0Vt5pW8yU8ZrzPzDy77VeO32XOy8daPSJ9:yDW88pfU7t3Vy3PSJ9

Score

7^/10

bootkit persistence

Static task

static1

Behavioral task

behavioral1

Sample

d0f23135e309d5e8f6dad29e1be5a64a8c190db9dc27e6c116c50428ce6484f1.exe

Resource

win7-20220812-en

bootkit persistence

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

d0f23135e309d5e8f6dad29e1be5a64a8c190db9dc27e6c116c50428ce6484f1.exe

Resource

win10v2004-20221111-en

bootkit persistence

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  d0f23135e309d5e8f6dad29e1be5a64a8c190db9dc27e6c116c50428ce6484f1
- Size
  
  262KB
- MD5
  
  c0c52c104575f1ec2a53cb1becb4224f
- SHA1
  
  48bb0040bdedc4c074df3913c60cf97492ecb05e
- SHA256
  
  d0f23135e309d5e8f6dad29e1be5a64a8c190db9dc27e6c116c50428ce6484f1
- SHA512
  
  447135f37dcac3bb7ecacbdfecf2bf4f6fdd5e6b625d0feec0884119ed5ec5f00b7029c5184e5b88e9705725cb2663cab09bfcaff838df33b02f1c5cc90a3337
- SSDEEP
  
  6144:yw0Vt5pW8yU8ZrzPzDy77VeO32XOy8daPSJ9:yDW88pfU7t3Vy3PSJ9
Score

7^/10

bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence

© 2018-2025

Terms | Privacy