General

  • Target

    ő (en).bat

  • Size

    13.2MB

  • Sample

    230509-xw6lyadg35

  • MD5

    6d68a0c760fc1547a9d9cd3ac25769dc

  • SHA1

    aebfda195faa08af0752c4310538ae044416030b

  • SHA256

    4ec225b822f1fbb27944ff3cb2856ba214de405d2a7589abfa3bd080c1534ac4

  • SHA512

    ae45a2334f83562902d5549eddcb3475fd02685ee60401f736ed7e4b0d5a83a1f7566224059d5b28dc4b7e6dae0a9cab23f5629a5839b53c1be6e13e2b474f1a

  • SSDEEP

    393216:WRP9XCHT+X/A8chntmnTTxhuDoDpY2nbh9gwSI:8l6e4nnt6LuE1/dhSI

Score
7/10

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
