General

  • Target

    2d3e6261d0b1e621039861a054d31293c816261928afffa18ac91c2cc4039f18

  • Size

    25.9MB

  • Sample

    230330-h4m28sbd72

  • MD5

    5fe9f478ed6a614c972c64219d1ce731

  • SHA1

    ef6b61f51551c6581ee349f3cfaf94bd0a6f3da3

  • SHA256

    2d3e6261d0b1e621039861a054d31293c816261928afffa18ac91c2cc4039f18

  • SHA512

    bff24fccaf36ac35da9065825bab40e489ba8f9c4007227c6f73cdb24f339a57f7f7aec6baa863ee9a8187ae02f615d34a8ac0b90aebe80378cc97522200c6d5

  • SSDEEP

    786432:8j9RPCFJ/FZNDRLPjqLBeYPWEiR4mEAnG4f3L:8j9RyfNLPmLMu7a/EA9j

Score
7/10

Malware Config

Targets

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Bootkit (1) T1067

  • Discovery

    System Information Discovery (2) T1082

    Query Registry (1) T1012

Tasks