General

  • Target

    Monoxide

  • Size

    183KB

  • Sample

    230401-t8weyscf2x

  • MD5

    e7137f5eeb8323becf1243095717112e

  • SHA1

    90dd5a0da4f145fe3a1d7126178da30c9df22b37

  • SHA256

    c841159847d9aa30087e10b67b3d43ad09497980760bcd57b8893e30f0794bae

  • SHA512

    1b89ca9299bda056dc89ac2cc8081eb5816814744fd1c47ec5b2c902052e18d57fca2216d0ad77ae714b06b0da189db06cfb87bd6c99cfa3aff8447b62128699

  • SSDEEP

    3072:ojTRgFloUWbwXwXIjhArpstmBCnLeKD5tVJpa2Ugt1y206taPexDuqJmo8YJaQUb:sTRgFloOxDuqJJ8YJaQU2SJxX520WLyl

Score
7/10
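To confirm that a file on disk is the sample this report describes, recompute its digests and compare them with the values listed above. The script below is an added example written for this page, not tooling from the sandbox; it uses only the standard library, so the SSDEEP fuzzy hash is deliberately left out (computing it needs a third-party module such as ppdeep). The hash constants are copied from the General section; everything else (function names, the chunked reader) is the example's own design.

```python
import hashlib

# Digests copied from the report's General section. SSDEEP is omitted because
# the standard library cannot compute it.
REPORT_HASHES = {
    "md5": "e7137f5eeb8323becf1243095717112e",
    "sha1": "90dd5a0da4f145fe3a1d7126178da30c9df22b37",
    "sha256": "c841159847d9aa30087e10b67b3d43ad09497980760bcd57b8893e30f0794bae",
    "sha512": (
        "1b89ca9299bda056dc89ac2cc8081eb5816814744fd1c47ec5b2c902052e18d5"
        "7fca2216d0ad77ae714b06b0da189db06cfb87bd6c99cfa3aff8447b62128699"
    ),
}


def digest_bytes(data: bytes) -> dict:
    """Compute every algorithm in REPORT_HASHES over an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as digest_bytes but streams the file, so large samples are fine."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def check_against_report(digests: dict, expected: dict = REPORT_HASHES) -> dict:
    """Return {algorithm: (expected, actual)} for every digest that does not match.

    An empty dict means the file matches the report on every algorithm checked.
    A partial mismatch (e.g. MD5 matches but SHA-256 does not) should be treated
    as a red flag rather than a near miss: it indicates a crafted collision or a
    transcription error, and the SHA-256/SHA-512 values are the ones to trust.
    """
    return {
        name: (expected[name].lower(), digests[name])
        for name in expected
        if digests[name] != expected[name].lower()
    }


if __name__ == "__main__":
    import sys

    # Usage: python verify_sample.py <path-to-sample>
    mismatches = check_against_report(digest_file(sys.argv[1]))
    if mismatches:
        for algo, (want, got) in mismatches.items():
            print(f"{algo}: expected {want}, got {got}")
        sys.exit(1)
    print("file matches the report on all listed digests")
```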

Malware Config

Targets

    • Target

      Monoxide

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check used to decide whether to run on the victim machine.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

      Corresponds to the Web Service (T1102) entry in the ATT&CK matrix below.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR so that their code runs before the operating system loads; persistence at that level survives OS-level cleanup and most endpoint tooling.
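The MBR-write signature is the one worth verifying on an infected host, because a bootkit typically rewrites only the 446-byte boot code and leaves the partition table intact so the machine still boots. The parser and comparison below are an added example for this page, not code from the sandbox or from the sample: it splits a 512-byte sector into boot code, partition table and signature, fingerprints the boot code, and reports which part changed against a known-good baseline. The sample sector and the "tampered" patch are constructed here for illustration; the device path in read_physical_mbr is the usual Windows raw-disk name and is an assumption about the reader's environment.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445: bootstrap code
PARTITION_TABLE_OFF = 446    # four 16-byte partition entries follow
PARTITION_ENTRY_LEN = 16
SIGNATURE = b"\x55\xAA"      # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into its parts and fingerprint the boot code."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE}-byte sector, got {len(sector)}")
    boot_code = sector[:BOOT_CODE_LEN]
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + i * PARTITION_ENTRY_LEN
        # status, CHS start, type, CHS end, LBA start, sector count (little-endian)
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", sector[off:off + PARTITION_ENTRY_LEN]
        )
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == SIGNATURE,
    }


def compare_mbr(baseline: bytes, current: bytes) -> dict:
    """Report what differs between a known-good MBR and the one read now."""
    a, b = parse_mbr(baseline), parse_mbr(current)
    return {
        "boot_code_changed": a["boot_code_sha256"] != b["boot_code_sha256"],
        "partition_table_changed": a["partitions"] != b["partitions"],
        "signature_ok": b["signature_ok"],
    }


def make_sample_mbr() -> bytes:
    """Constructed baseline: a few stub boot-code bytes, one NTFS partition,
    valid 0x55AA signature. Not taken from any real disk."""
    boot_code = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x00" * (BOOT_CODE_LEN - 7)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    table = entry + b"\x00" * (3 * PARTITION_ENTRY_LEN)
    return boot_code + table + SIGNATURE


def make_tampered_mbr(clean: bytes) -> bytes:
    """Constructed tamper: overwrite the start of the boot code with a far jump
    (jmp 0000:7E00) while leaving the partition table and signature untouched,
    which is the pattern a bootkit leaves behind."""
    patch = b"\xEA\x00\x7E\x00\x00"
    return patch + clean[len(patch):]


def read_physical_mbr(path: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a raw disk. Needs Administrator on Windows; on Linux
    use a path such as /dev/sda as root."""
    with open(path, "rb") as disk:
        return disk.read(MBR_SIZE)


if __name__ == "__main__":
    clean = make_sample_mbr()
    print(compare_mbr(clean, make_tampered_mbr(clean)))
```

In a real investigation the baseline would be the boot-code hash recorded from a clean image of the same build (or from a freshly written standard MBR), and a result with boot_code_changed set while partition_table_changed is clear is exactly the bootkit pattern the signature above describes.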

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic               Technique                      #   ID
  Persistence          Bootkit                        1   T1067
  Discovery            Query Registry                 2   T1012
  Discovery            System Information Discovery   3   T1082
  Command and Control  Web Service                    1   T1102

The IDs follow ATT&CK v6, as the report states. In current ATT&CK the Bootkit technique T1067 has been retired and its content lives under T1542.003 (Pre-OS Boot: Bootkit); T1012, T1082 and T1102 are still valid IDs.
