27fd1df26f5a48939f207ec098c13b62a09dc29a18dbac4ea65d0386f2623406 | Triage

Sharing

General

Target

27fd1df26f5a48939f207ec098c13b62a09dc29a18dbac4ea65d0386f2623406
Size

1.7MB
Sample

230331-ltyb1ahb97
MD5

a59e8c44031efc699219f5e58e4b6468
SHA1

65d62facf0cf72664af1243fc43062c80ba50792
SHA256

27fd1df26f5a48939f207ec098c13b62a09dc29a18dbac4ea65d0386f2623406
SHA512

c4354f3e23bf295b5c3c09d5a4d3d36a1f1bab1bfbf172e21a8b1902b9b4b97890a56bb9da443fd2bd94fdd2501813da140e24dbcf0d72a4c8c72a901a666761
SSDEEP

49152:PI085pNzmDH86hXS2eQPfzSdQEZn3W2XWx9mf/k:L85p6H8gSPQUrnG2XWHm

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  27fd1df26f5a48939f207ec098c13b62a09dc29a18dbac4ea65d0386f2623406
- Size
  
  1.7MB
- MD5
  
  a59e8c44031efc699219f5e58e4b6468
- SHA1
  
  65d62facf0cf72664af1243fc43062c80ba50792
- SHA256
  
  27fd1df26f5a48939f207ec098c13b62a09dc29a18dbac4ea65d0386f2623406
- SHA512
  
  c4354f3e23bf295b5c3c09d5a4d3d36a1f1bab1bfbf172e21a8b1902b9b4b97890a56bb9da443fd2bd94fdd2501813da140e24dbcf0d72a4c8c72a901a666761
- SSDEEP
  
  49152:PI085pNzmDH86hXS2eQPfzSdQEZn3W2XWx9mf/k:L85p6H8gSPQUrnG2XWHm
Score

7^/10

bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence