c04f2c02e34da7bed4800b45220f5831dec511da884f738c1e3321c18ef8c516 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

drweb-1.0-katana.exe

windows10-2004-x64

8

Sharing

General

Target

drweb-1.0-katana.exe
Size

46.8MB
Sample

230403-s67jrsff78
MD5

8acc7d1bd885d322e0906c48d66b5eac
SHA1

8dec2d7e07fd6eee855fe3d18d24cb81514f323c
SHA256

c04f2c02e34da7bed4800b45220f5831dec511da884f738c1e3321c18ef8c516
SHA512

32a94a49569e582b12a2a99c8030f01eae213ea11be0b6613e3d79c6f9dc3889c80d27b1fbdeb4edd4849be24c4cbda402026d5556de94090543effa34a3048c
SSDEEP

786432:MwtCRQ9ZTbV/sjEKj3STdBoFMDhSLF9MKIxEPT9cFRHRdDHtKC0owR:MmFlV/6EgAcFMhSJGKIxwJcF1RdDNKQg

Score

8^/10

bootkit discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

drweb-1.0-katana.exe

Resource

win10v2004-20230220-en

bootkit discovery persistence

windows10-2004-x64

29 signatures

1800 seconds

Malware Config

Targets

- Target
  
  drweb-1.0-katana.exe
- Size
  
  46.8MB
- MD5
  
  8acc7d1bd885d322e0906c48d66b5eac
- SHA1
  
  8dec2d7e07fd6eee855fe3d18d24cb81514f323c
- SHA256
  
  c04f2c02e34da7bed4800b45220f5831dec511da884f738c1e3321c18ef8c516
- SHA512
  
  32a94a49569e582b12a2a99c8030f01eae213ea11be0b6613e3d79c6f9dc3889c80d27b1fbdeb4edd4849be24c4cbda402026d5556de94090543effa34a3048c
- SSDEEP
  
  786432:MwtCRQ9ZTbV/sjEKj3STdBoFMDhSLF9MKIxEPT9cFRHRdDHtKC0owR:MmFlV/6EgAcFMhSJGKIxwJcF1RdDNKQg
Score

8^/10

bootkit discovery persistence
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Security Software Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

© 2018-2024

Terms | Privacy