1bf688e2b35c3e431a8458de0e55d30729a8ae2762568f82359ed0ccf75d65fa | Triage

Submit
Reports

Overview

overview

9

Static

static

1

666.exe

windows7-x64

9

666.exe

windows10-2004-x64

9

Sharing

General

Target

666.exe
Size

86KB
Sample

230403-xh3ccsge86
MD5

a7f9d16f72ba1782aff84741fcc43a7a
SHA1

20536bb7463d83143a0221e56c4faf2155e73bc7
SHA256

1bf688e2b35c3e431a8458de0e55d30729a8ae2762568f82359ed0ccf75d65fa
SHA512

59b08739c0eeedf8956a7dc44730d11548996ed1f6ef2dc6beac753fc1a6b844545250640d9f341a6c7a06f108cd43b6db98e9e7166729405e54ab9e5513a3cd
SSDEEP

1536:2Uv4AYvNDT0aJQcc7T7yVx+a0NqlLjvCPTPRhnBu3gAjObfnapxjJeU:28ACb/6jIU

Score

9^/10

bootkit evasion persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

666.exe

Resource

win7-20230220-en

bootkit evasion persistence ransomware

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

666.exe

Resource

win10v2004-20230220-en

bootkit evasion persistence ransomware

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  666.exe
- Size
  
  86KB
- MD5
  
  a7f9d16f72ba1782aff84741fcc43a7a
- SHA1
  
  20536bb7463d83143a0221e56c4faf2155e73bc7
- SHA256
  
  1bf688e2b35c3e431a8458de0e55d30729a8ae2762568f82359ed0ccf75d65fa
- SHA512
  
  59b08739c0eeedf8956a7dc44730d11548996ed1f6ef2dc6beac753fc1a6b844545250640d9f341a6c7a06f108cd43b6db98e9e7166729405e54ab9e5513a3cd
- SSDEEP
  
  1536:2Uv4AYvNDT0aJQcc7T7yVx+a0NqlLjvCPTPRhnBu3gAjObfnapxjJeU:28ACb/6jIU
Score

9^/10

bootkit evasion persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies WinLogon
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

bootkitevasionpersistenceransomware

behavioral2

bootkitevasionpersistenceransomware

© 2018-2024

Terms | Privacy