76912a5ef9d612f18ac0053022aa41ee06bb8e920c1bc8a6335f5c366a5b76e2 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

Bell Sched...te.pdf

windows10-2004-x64

7

Resubmissions

31-03-2023 23:51

230331-3wkblaee62 7

31-03-2023 23:51

230331-3v96mafh2x 1

Sharing

General

Target

Bell Schedules Website.pdf
Size

734KB
Sample

230331-3wkblaee62
MD5

3176eae34d151ff3d00f5f68ad01ef19
SHA1

2fdc90be5afb16f85f057dcb1689f5ad2d948dfd
SHA256

76912a5ef9d612f18ac0053022aa41ee06bb8e920c1bc8a6335f5c366a5b76e2
SHA512

743190339596ac865b80eee2f4f509c62a6441dc2734c31d31788aff6d82d8eb4c047a81c1a4b01f843cb2b23a2783e8e12c599e5c4c72ac013b609ef5e3a27e
SSDEEP

12288:xqnceOMbrfZT/GaQJn+j3GLbPXVGwN+TLYWRmSZQUyWMycQbYXalS3CuLwQ0bMB2:9t4V0kWnPXVGK+TLNRnQplQb10IQip

Score

7^/10

bootkit persistence

Static task

static1

Behavioral task

behavioral1

Sample

Bell Schedules Website.pdf

Resource

win10v2004-20230220-en

bootkit persistence

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  Bell Schedules Website.pdf
- Size
  
  734KB
- MD5
  
  3176eae34d151ff3d00f5f68ad01ef19
- SHA1
  
  2fdc90be5afb16f85f057dcb1689f5ad2d948dfd
- SHA256
  
  76912a5ef9d612f18ac0053022aa41ee06bb8e920c1bc8a6335f5c366a5b76e2
- SHA512
  
  743190339596ac865b80eee2f4f509c62a6441dc2734c31d31788aff6d82d8eb4c047a81c1a4b01f843cb2b23a2783e8e12c599e5c4c72ac013b609ef5e3a27e
- SSDEEP
  
  12288:xqnceOMbrfZT/GaQJn+j3GLbPXVGwN+TLYWRmSZQUyWMycQbYXalS3CuLwQ0bMB2:9t4V0kWnPXVGK+TLNRnQplQb10IQip
Score

7^/10

bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

bootkitpersistence

© 2018-2024

Terms | Privacy