cdf1b2d005ad498283d73a0ddbbd5886c775799e021c6a2a99e7549dd87538c0 | Triage

Sharing

General

Target

cdf1b2d005ad498283d73a0ddbbd5886c775799e021c6a2a99e7549dd87538c0
Size

29.5MB
Sample

230327-jhnx3sed41
MD5

e0f5c5dacb2c49b9de937e1ac4e6aa12
SHA1

7d4e57d53f0b855780ebeee66d7fb51c51a7ab78
SHA256

cdf1b2d005ad498283d73a0ddbbd5886c775799e021c6a2a99e7549dd87538c0
SHA512

bf6e9a08a1969cac5a1fe53472364a9fee321001be4b003db5e282596ccff3ad9cc50e13c313012a0804e4c66923ac53559443c4c9adc697ebd7a420e9873b97
SSDEEP

786432:oX+PCDglQifSjUTs6LhQ/+loqcH9jnfazU/NpQDoWnSz+XBW:EurlQifgUw6LhI+JQ9jfa4/NpmhSR

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  cdf1b2d005ad498283d73a0ddbbd5886c775799e021c6a2a99e7549dd87538c0
- Size
  
  29.5MB
- MD5
  
  e0f5c5dacb2c49b9de937e1ac4e6aa12
- SHA1
  
  7d4e57d53f0b855780ebeee66d7fb51c51a7ab78
- SHA256
  
  cdf1b2d005ad498283d73a0ddbbd5886c775799e021c6a2a99e7549dd87538c0
- SHA512
  
  bf6e9a08a1969cac5a1fe53472364a9fee321001be4b003db5e282596ccff3ad9cc50e13c313012a0804e4c66923ac53559443c4c9adc697ebd7a420e9873b97
- SSDEEP
  
  786432:oX+PCDglQifSjUTs6LhQ/+loqcH9jnfazU/NpQDoWnSz+XBW:EurlQifgUw6LhI+JQ9jfa4/NpmhSR
Score

7^/10

bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

bootkitpersistence