Overview

overview

8

Static

static

1

drfone_unl...06.exe

windows7-x64

8

drfone_unl...06.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    drfone_unlock_setup_full6706.exe

  • Size

    960KB

  • Sample

    230216-zp39cabh97

  • MD5

    6028b4bd03c944c8d4011ea0a74fc9ed

  • SHA1

    2cf39f3f88b03fd66a23033869bc72b7b0129381

  • SHA256

    71ab33ecfb7624303da356cc191ab96e133f4412869760870c6dfe1a536277ad

  • SHA512

    ede69d624b789c367fc3573f4ab5ec2690744ea3c522ab3c62c874ae9457e48b65afd04bbf8c16d328bbe44fe29de418f1d813919901931e785d6e437b319843

  • SSDEEP

    24576:R8YcaFhy8Elpws3DwWC2gYw0WDmuUFvv+QqakD6:R8YcaFhy8ElpwszwWC2gY0xUNmzakm

Score
8/10
bootkitdiscoverypersistence

Malware Config

Targets

    • Target

      drfone_unlock_setup_full6706.exe

    • Size

      960KB

    • MD5

      6028b4bd03c944c8d4011ea0a74fc9ed

    • SHA1

      2cf39f3f88b03fd66a23033869bc72b7b0129381

    • SHA256

      71ab33ecfb7624303da356cc191ab96e133f4412869760870c6dfe1a536277ad

    • SHA512

      ede69d624b789c367fc3573f4ab5ec2690744ea3c522ab3c62c874ae9457e48b65afd04bbf8c16d328bbe44fe29de418f1d813919901931e785d6e437b319843

    • SSDEEP

      24576:R8YcaFhy8Elpws3DwWC2gYw0WDmuUFvv+QqakD6:R8YcaFhy8ElpwszwWC2gY0xUNmzakm

    Score
    8/10
    bootkitpersistencediscovery

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks