8cf50ae247445de2e570f19705236ed4b1e19f75ca15345e5f00857243bc0e9b | Triage

Submit
Reports

Overview

overview

8

Static

static

1

1003.exe

windows10-2004-x64

8

Sharing

General

Target

1003.exe
Size

255KB
Sample

230402-kw74jsgg8z
MD5

0246bb54723bd4a49444aa4ca254845a
SHA1

151382e82fbcfdf188b347911bd6a34293c14878
SHA256

8cf50ae247445de2e570f19705236ed4b1e19f75ca15345e5f00857243bc0e9b
SHA512

8b920699602ad00015ececf7f58a181e311a6726aece237de86fcc455d0e6fcb587fe46f6ef2e86a34fe1c52d835c5e2a547874a7906315247f07daa30e4323a
SSDEEP

6144:m28cv8eNLO1cy4uWj6x5OEbHyL3IKwCQLcw:m/MLNLO1B5TRbSbI/Cg

Score

8^/10

bootkit persistence

Static task

static1

Behavioral task

behavioral1

Sample

1003.exe

Resource

win10v2004-20230220-en

bootkit persistence

windows10-2004-x64

19 signatures

300 seconds

Malware Config

Targets

- Target
  
  1003.exe
- Size
  
  255KB
- MD5
  
  0246bb54723bd4a49444aa4ca254845a
- SHA1
  
  151382e82fbcfdf188b347911bd6a34293c14878
- SHA256
  
  8cf50ae247445de2e570f19705236ed4b1e19f75ca15345e5f00857243bc0e9b
- SHA512
  
  8b920699602ad00015ececf7f58a181e311a6726aece237de86fcc455d0e6fcb587fe46f6ef2e86a34fe1c52d835c5e2a547874a7906315247f07daa30e4323a
- SSDEEP
  
  6144:m28cv8eNLO1cy4uWj6x5OEbHyL3IKwCQLcw:m/MLNLO1B5TRbSbI/Cg
Score

8^/10

bootkit persistence
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

bootkitpersistence

© 2018-2024

Terms | Privacy