Overview

overview

7

Static

static

1

2025e0f44f...86.exe

windows7-x64

7

2025e0f44f...86.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025e0f44f72db531750abe4efb27802a7ae3a0f742cc01c3a424b411b79ac86

  • Size

    25MB

  • Sample

    230330-dq42dacd51

  • MD5

    b700c077b7e996a9024790647fdf3ada

  • SHA1

    dbc34258628fb122e4bfd7f1d845af4f340665e0

  • SHA256

    2025e0f44f72db531750abe4efb27802a7ae3a0f742cc01c3a424b411b79ac86

  • SHA512

    82e7d4b798464ff18ed12687064956b457b0596d3fc3fc067e57c62429d877b3808b8c95e7eea8367f1721b845c99e015f01543c9a090c0ce9ba27b86371c46f

  • SSDEEP

    786432:UjRaLwqLOUjqZNDRLPjqLBeYPWEiR4mEAnG4f3k:UjRakqaNLPmLMu7a/EA9M

Score
7/10
bootkitpersistence

Malware Config

Targets

    • Target

      2025e0f44f72db531750abe4efb27802a7ae3a0f742cc01c3a424b411b79ac86

    • Size

      25MB

    • MD5

      b700c077b7e996a9024790647fdf3ada

    • SHA1

      dbc34258628fb122e4bfd7f1d845af4f340665e0

    • SHA256

      2025e0f44f72db531750abe4efb27802a7ae3a0f742cc01c3a424b411b79ac86

    • SHA512

      82e7d4b798464ff18ed12687064956b457b0596d3fc3fc067e57c62429d877b3808b8c95e7eea8367f1721b845c99e015f01543c9a090c0ce9ba27b86371c46f

    • SSDEEP

      786432:UjRaLwqLOUjqZNDRLPjqLBeYPWEiR4mEAnG4f3k:UjRakqaNLPmLMu7a/EA9M

    Score
    7/10
    bootkitpersistence

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks