66ffa7f958b2dc966dd9f2359d4254c58f798a4a5e9e549adbd8a1cfdbedc73e | Triage

Submit
Reports

Overview

overview

8

Static

static

1

clash-of-c...81.exe

windows10-2004-x64

8

Sharing

General

Target

clash-of-clans-1.0.12067.123-installer_U9-aR81.exe
Size

1.7MB
Sample

230403-la2v3sfc6w
MD5

8c5ce85a467924e907c46dee684dee58
SHA1

5eeaf6c2228f808a5dc40d7b6340cedc3a002e75
SHA256

66ffa7f958b2dc966dd9f2359d4254c58f798a4a5e9e549adbd8a1cfdbedc73e
SHA512

529c6a7917b58fa40567ff6185bc10bb61fc6f0bbc564805e318fb5f3038fc79091103b7d25b4edc8cdbe5953be6d97d5cd7319fcf688c8a3c9668429af3170d
SSDEEP

24576:D7FUDowAyrTVE3U5Fmr9PamvXdPaJPfrT90eKc4cgFLNPfs8duMpmsDck:DBuZrEU0vNwPH9RHgFLRdp/3

Score

8^/10

bootkit discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

clash-of-clans-1.0.12067.123-installer_U9-aR81.exe

Resource

win10v2004-20230220-en

bootkit discovery persistence

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  clash-of-clans-1.0.12067.123-installer_U9-aR81.exe
- Size
  
  1.7MB
- MD5
  
  8c5ce85a467924e907c46dee684dee58
- SHA1
  
  5eeaf6c2228f808a5dc40d7b6340cedc3a002e75
- SHA256
  
  66ffa7f958b2dc966dd9f2359d4254c58f798a4a5e9e549adbd8a1cfdbedc73e
- SHA512
  
  529c6a7917b58fa40567ff6185bc10bb61fc6f0bbc564805e318fb5f3038fc79091103b7d25b4edc8cdbe5953be6d97d5cd7319fcf688c8a3c9668429af3170d
- SSDEEP
  
  24576:D7FUDowAyrTVE3U5Fmr9PamvXdPaJPfrT90eKc4cgFLNPfs8duMpmsDck:DBuZrEU0vNwPH9RHgFLRdp/3
Score

8^/10

bootkit discovery persistence
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

© 2018-2024

Terms | Privacy