736cda5b2775ef1e9b3c1aca74c6bb2adfe737d001dcd935bcbe8ee62958ebbb | Triage

Sharing

General

Target

736cda5b2775ef1e9b3c1aca74c6bb2adfe737d001dcd935bcbe8ee62958ebbb
Size

31.9MB
Sample

230330-vg1q2ade27
MD5

1b5a9cdfb1e2e5525ba77008aacfed3d
SHA1

f5053f7b425d2019a254d4952814a752c2987302
SHA256

736cda5b2775ef1e9b3c1aca74c6bb2adfe737d001dcd935bcbe8ee62958ebbb
SHA512

d1281dcaa794a85fa76163a0ec2b87a5745ceacd559c90f39ca5cd6b6f610e77839b3f9b3ff8866bc64ea104e975133222e8ca4966bbfa583f20466c8c1674b5
SSDEEP

786432:1HI5TJ/XpqhDctzm+deBbq2O879gNBCN3KHLlLYWCA16pNa5AlomnNCs7t8X:1o5TJ/5qhD4S++W2Ou9oBCN6HqWJ16pw

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  736cda5b2775ef1e9b3c1aca74c6bb2adfe737d001dcd935bcbe8ee62958ebbb
- Size
  
  31.9MB
- MD5
  
  1b5a9cdfb1e2e5525ba77008aacfed3d
- SHA1
  
  f5053f7b425d2019a254d4952814a752c2987302
- SHA256
  
  736cda5b2775ef1e9b3c1aca74c6bb2adfe737d001dcd935bcbe8ee62958ebbb
- SHA512
  
  d1281dcaa794a85fa76163a0ec2b87a5745ceacd559c90f39ca5cd6b6f610e77839b3f9b3ff8866bc64ea104e975133222e8ca4966bbfa583f20466c8c1674b5
- SSDEEP
  
  786432:1HI5TJ/XpqhDctzm+deBbq2O879gNBCN3KHLlLYWCA16pNa5AlomnNCs7t8X:1o5TJ/5qhD4S++W2Ou9oBCN6HqWJ16pw
Score

7^/10

bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

bootkitpersistence