bc0aa585171dc59737b0576000d45a6d6caf78f61034e3c2be4b18e571b233cb | Triage

Submit
Reports

Overview

overview

8

Static

static

1

Screen rec...4.webm

windows10-2004-x64

8

Sharing

General

Target

Screen recording 2023-05-02 08.07.44.webm
Size

10.0MB
Sample

230503-wl132afg75
MD5

4c66210a6930b98d768e8f3c863909e4
SHA1

489b8ed97ee02b1321ee1ecb335b3002b4688687
SHA256

bc0aa585171dc59737b0576000d45a6d6caf78f61034e3c2be4b18e571b233cb
SHA512

9a06938b7eec9bd6558b8d41459d6e892bb89d29abee1910ba6cd6f062a83b2a5404a1c00ba354e1cd38fdddf0d4a2e508c3badb8329b2743e135129faba5968
SSDEEP

196608:2S/8beiXGzDeJ2yazGGvdxCnEIylngQTDX+X1JuPBWgVTvd24OF6YL5B1:vkbeiXKD426GlxPL0FJwBWsvk4uNB1

Score

8^/10

bootkit persistence

Static task

static1

Behavioral task

behavioral1

Sample

Screen recording 2023-05-02 08.07.44.webm

Resource

win10v2004-20230221-en

bootkit persistence

windows10-2004-x64

23 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Screen recording 2023-05-02 08.07.44.webm
- Size
  
  10.0MB
- MD5
  
  4c66210a6930b98d768e8f3c863909e4
- SHA1
  
  489b8ed97ee02b1321ee1ecb335b3002b4688687
- SHA256
  
  bc0aa585171dc59737b0576000d45a6d6caf78f61034e3c2be4b18e571b233cb
- SHA512
  
  9a06938b7eec9bd6558b8d41459d6e892bb89d29abee1910ba6cd6f062a83b2a5404a1c00ba354e1cd38fdddf0d4a2e508c3badb8329b2743e135129faba5968
- SSDEEP
  
  196608:2S/8beiXGzDeJ2yazGGvdxCnEIylngQTDX+X1JuPBWgVTvd24OF6YL5B1:vkbeiXKD426GlxPL0FJwBWsvk4uNB1
Score

8^/10

bootkit persistence
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Drops Chrome extension
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

© 2018-2024

Terms | Privacy