53e52b4a938eb421cbb5d336f049be3bdd4688b645863a1880e55c5748eeea29 | Triage

Sharing

General

Target

53e52b4a938eb421cbb5d336f049be3bdd4688b645863a1880e55c5748eeea29
Size

2.8MB
Sample

230215-zxhmlseb79
MD5

427cbdaf708b4fb597a993d379023a7b
SHA1

3c1db2bc2fae45c95a78df54d5c463f2e8095cda
SHA256

53e52b4a938eb421cbb5d336f049be3bdd4688b645863a1880e55c5748eeea29
SHA512

78a0dafcb1b9c93cf3b5f91028a1b146ba6b73284bce995abf6e20b984045f530e548d7617dd2dcca06d3751767f625dc9b4d4eac0ea7d7c969d82fb8495ef54
SSDEEP

49152:Rvofmdo+h5x6KV1wvc33BoY/Cmw+9prbesdZxKCo4YJ9hVNvsgStM5qFfziaT:Rvofmdo8x6KV4cxpqmwkJesdbU4+hHkN

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  53e52b4a938eb421cbb5d336f049be3bdd4688b645863a1880e55c5748eeea29
- Size
  
  2.8MB
- MD5
  
  427cbdaf708b4fb597a993d379023a7b
- SHA1
  
  3c1db2bc2fae45c95a78df54d5c463f2e8095cda
- SHA256
  
  53e52b4a938eb421cbb5d336f049be3bdd4688b645863a1880e55c5748eeea29
- SHA512
  
  78a0dafcb1b9c93cf3b5f91028a1b146ba6b73284bce995abf6e20b984045f530e548d7617dd2dcca06d3751767f625dc9b4d4eac0ea7d7c969d82fb8495ef54
- SSDEEP
  
  49152:Rvofmdo+h5x6KV1wvc33BoY/Cmw+9prbesdZxKCo4YJ9hVNvsgStM5qFfziaT:Rvofmdo8x6KV4cxpqmwkJesdbU4+hHkN
Score

7^/10

bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence