0e7c1a20ca3eda9ce134734e536bbdb79c707c84574e4fde8633960f290499b3 | Triage

Sharing

General

Target

FACT_D755N50T2.zip
Size

1.3MB
Sample

230407-a3k79afg66
MD5

1ffb97002478a0be7ea3920cfaf3a0f4
SHA1

2ff89c5b5f73d16c09ad374f5c11fbbed7440c2b
SHA256

0e7c1a20ca3eda9ce134734e536bbdb79c707c84574e4fde8633960f290499b3
SHA512

ed0fc29ab6dacec93f514360950baf86099ac11c195fbb218c687dd6b766016c9456315e85c1f9df8ac11690980785205ba4b45545749026491f3f00b09d5d79
SSDEEP

24576:LE2mrQ0g6l/k/jpVlYQ3m+L5kUV1BQKSkkn4Iho2zy93Qd5DNfHLBG5npiG1z3xK:h0g69k1VlYQWFUhakWhVasftEZA

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  FACT_D755N50T2.exe
- Size
  
  1.5MB
- MD5
  
  35e24a8ce72dd5360fc826947abfdc10
- SHA1
  
  929e014f9d6271ae3ce82d5dadcd674631c9c779
- SHA256
  
  d0fbbba4a32cf5156daf563e6fa9b2133cc11b85a7a2632411eb7195ab35e9c7
- SHA512
  
  558bc4ac4c9da60fea107037789cfa7cb0cbe10829687bf50f71afb0cfa51bc74f5d5f478c59914e8e55f5b6bd4d9e487a3b1286327491189aa5e90f0c38cf4e
- SSDEEP
  
  24576:Z6Ykri0w6Hf0PjnVlYI5YALlgKPlDQKimQn+IZQaL89V6pZE1rrrrrrrrrrrrrrl:pKw6/0zVlYIqXKNKmGZXgZpO8
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  ~
- Size
  
  256KB
- MD5
  
  56354f6191810e362bf2ae7b3f6e82b4
- SHA1
  
  98260eb9dbec4ef777939937b4ca797ac336e3ff
- SHA256
  
  95c16c2f74bfe9878117d341d4b259c5327f87fc10e8407b27e9a905aff0ac11
- SHA512
  
  fb40abe4838e4026a4b1c826566454ff181e68bf7f7929777f2ea63e55a8242c65f12dffb274e8c46f5f1bcb7f42661c41e7b2a62ed39050814a45de54ab8b30
- SSDEEP
  
  6144:bCfHrZae3GFqRQcMeh4WpywpjchNCPnAeb:bCfLZadcM24fRNXe
Score

8^/10

bootkit persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Security Software Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

bootkitpersistence

behavioral4

bootkitpersistence