aa4754118865fb4e1fb112a45142355db4b17a6b20ac279e5fefb707576c0cdf | Triage

Submit
Reports

Overview

overview

8

Static

static

1

.html

windows10-2004-x64

8

Sharing

General

Target

.
Size

1KB
Sample

230405-ywhesahc47
MD5

017daa6b8b8738a55202b96049750742
SHA1

ce93b434141424b2158e90a01c682d3e17bd8556
SHA256

aa4754118865fb4e1fb112a45142355db4b17a6b20ac279e5fefb707576c0cdf
SHA512

842d81746e6254f3171e858faab3dd56346de5933286923f410a60886bdeeb50fe5ad5b43b896ff8904bb7e73d508de81a9243923c982b5f9b71816e37b0a563

Score

8^/10

bootkit persistence

Static task

static1

Behavioral task

behavioral1

Sample

.html

Resource

win10v2004-20230220-en

bootkit persistence

windows10-2004-x64

20 signatures

1800 seconds

Malware Config

Targets

- Target
  
  .
- Size
  
  1KB
- MD5
  
  017daa6b8b8738a55202b96049750742
- SHA1
  
  ce93b434141424b2158e90a01c682d3e17bd8556
- SHA256
  
  aa4754118865fb4e1fb112a45142355db4b17a6b20ac279e5fefb707576c0cdf
- SHA512
  
  842d81746e6254f3171e858faab3dd56346de5933286923f410a60886bdeeb50fe5ad5b43b896ff8904bb7e73d508de81a9243923c982b5f9b71816e37b0a563
Score

8^/10

bootkit persistence
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

bootkitpersistence

© 2018-2024

Terms | Privacy