91c7c3e1ac15cb9d320a6386e43e77ca7473ba3db708f45776869d85bbde3adc | Triage

Submit
Reports

Overview

overview

7

Static

static

1

pdr-free-online.exe

windows7-x64

7

pdr-free-online.exe

windows10-2004-x64

7

Sharing

General

Target

pdr-free-online.exe
Size

2.2MB
Sample

230403-tr19wafg99
MD5

8e938b9dc68c347110e57a8086662bd5
SHA1

33e65b0ea45bc0496897288a37ef2492c69307d1
SHA256

91c7c3e1ac15cb9d320a6386e43e77ca7473ba3db708f45776869d85bbde3adc
SHA512

28fd1371638c108c77bbf7bd189c09a8eee53e4c40957748ddaf02eb4a1b40ad824ea94b170e8ed50d5a40c6d3656a12347d67837221eb23d56c4f0f0cfa0ac1
SSDEEP

49152:9tJEra8kaXpfLZyTiikVd4vSq8Fk5M76LPDgTSjZShK:9tc9kOpfLZyTyuvzZi6LPDgeZShK

Score

7^/10

bootkit discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

pdr-free-online.exe

Resource

win7-20230220-en

bootkit discovery persistence

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

pdr-free-online.exe

Resource

win10v2004-20230220-en

bootkit discovery persistence

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  pdr-free-online.exe
- Size
  
  2.2MB
- MD5
  
  8e938b9dc68c347110e57a8086662bd5
- SHA1
  
  33e65b0ea45bc0496897288a37ef2492c69307d1
- SHA256
  
  91c7c3e1ac15cb9d320a6386e43e77ca7473ba3db708f45776869d85bbde3adc
- SHA512
  
  28fd1371638c108c77bbf7bd189c09a8eee53e4c40957748ddaf02eb4a1b40ad824ea94b170e8ed50d5a40c6d3656a12347d67837221eb23d56c4f0f0cfa0ac1
- SSDEEP
  
  49152:9tJEra8kaXpfLZyTiikVd4vSq8Fk5M76LPDgTSjZShK:9tc9kOpfLZyTyuvzZi6LPDgeZShK
Score

7^/10

bootkit discovery persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence

© 2018-2024

Terms | Privacy