Overview

overview

7

Static

static

1

c2dc418fce...62.exe

windows7-x64

7

c2dc418fce...62.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c2dc418fce61034bb32db191b1b8ee54db2b082cbaff3c38145f1413b9832062

  • Size

    26.1MB

  • Sample

    230403-ejfkwaea4s

  • MD5

    adaec1033cf74bc93f813c119eb835e6

  • SHA1

    5627c51939e3bf2055c45fa1a1036c52e9b2c32f

  • SHA256

    c2dc418fce61034bb32db191b1b8ee54db2b082cbaff3c38145f1413b9832062

  • SHA512

    7f4758dc8ec7990f23a1eccca3165b1b3bd46a06a6d7c3e35d78ff2aad525e93928defd37ceb07fb6915fcb130e66da5d76b93e5306405fccc5286e6eeae111b

  • SSDEEP

    786432:Y0RjWCY4UU/QMjvvoyktUEQmUaZcu0J/+K98TJA:Y0hWCuU9jvQysUnmUaZcN/+KCG

Score
7/10
bootkitpersistence

Malware Config

Targets

    • Target

      c2dc418fce61034bb32db191b1b8ee54db2b082cbaff3c38145f1413b9832062

    • Size

      26.1MB

    • MD5

      adaec1033cf74bc93f813c119eb835e6

    • SHA1

      5627c51939e3bf2055c45fa1a1036c52e9b2c32f

    • SHA256

      c2dc418fce61034bb32db191b1b8ee54db2b082cbaff3c38145f1413b9832062

    • SHA512

      7f4758dc8ec7990f23a1eccca3165b1b3bd46a06a6d7c3e35d78ff2aad525e93928defd37ceb07fb6915fcb130e66da5d76b93e5306405fccc5286e6eeae111b

    • SSDEEP

      786432:Y0RjWCY4UU/QMjvvoyktUEQmUaZcu0J/+K98TJA:Y0hWCuU9jvQysUnmUaZcN/+KCG

    Score
    7/10
    bootkitpersistence

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks