Overview

overview

7

Static

static

1

URLScan

urlscan

https://we.tl/t-VCeN...

windows10-2004-x64

7

Resubmissions

01-04-2023 15:00

230401-sdfwcacb3v 1

01-04-2023 14:59

230401-sc7mnscb3s 1

01-04-2023 14:56

230401-sbgpvsaf95 6

01-04-2023 14:53

230401-r9pmpaca9t 7

01-04-2023 14:50

230401-r73rjaca8t 6

01-04-2023 14:48

230401-r6gsnsca7s 1

01-04-2023 14:45

230401-r4v8aaca6w 8

01-04-2023 14:42

230401-r24rmsaf49 8

01-04-2023 14:39

230401-r1h4jsca4s 1

01-04-2023 14:36

230401-ryy2zsaf34 1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://we.tl/t-VCeNt9Cn60

  • Sample

    230401-r9pmpaca9t

Score
7/10
bootkitpersistence

Malware Config

Targets

    • Target

      https://we.tl/t-VCeNt9Cn60

    Score
    7/10
    bootkitpersistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks