Resubmissions

  • 05-04-2023 21:00  230405-zts9yabe71  3

  • 05-04-2023 20:49  230405-zmd7fabe4w  8

General

  • Target

    download (74).jpg

  • Size

    11KB

  • Sample

    230405-zmd7fabe4w

  • MD5

    773c727f5bdd0870602c2bbc81e2d9de

  • SHA1

    cb866613f048351b4dc7f493ed73a6506ace0539

  • SHA256

    751bfa320057b876376f3ab2c3f532324ab2782c0f0d8578d92edd6ea86f15c8

  • SHA512

    128a5c5a2f8f7290847b612a218d2f04ec7f8b771e8ec6a310c043342ffaa6e4910cb9be6528dfc4608db72327f4986f2dc5e34121ed1cf17d1a59bb69dd264b

  • SSDEEP

    192:fxZ4EDPy7DGgJ146Tf+77d60Nv4kSJTCIn8u6r278sPVw5XYdQ6ZLHtAOB9k:fxWEDPyGA46r07d6Bvtki78CVUobN3k

Score
8/10

Malware Config

Targets

    (Same target, hashes and score as listed under General above.)

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic               Technique                            Count  ID
  -------------------  -----------------------------------  -----  -----
  Persistence          Registry Run Keys / Startup Folder   1      T1060
  Persistence          Bootkit                              1      T1067
  Defense Evasion      Modify Registry                      2      T1112
  Discovery            Query Registry                       3      T1012
  Discovery            System Information Discovery         3      T1082
  Command and Control  Web Service                          1      T1102

Tasks