General
-
Target
DFStd.exe
-
Size
6.0MB
-
Sample
230528-tpb7zafe68
-
MD5
b8fc2d496516ee62893881f7cd6b3519
-
SHA1
221287ce79173679639d95722239ee449607cca1
-
SHA256
832dbe939ca03bc4aa1c6e45d97db87871a0384b019b7cc0ca1f15492a83a9a6
-
SHA512
12f7d501b409549c0e8ec6e38e14dac42ecc6ee9a83052ec5a3d85d1c02d5a5caba04135ae6a11987c494a924043375aee7c0b593e30cfb2ea147d98db9cc9f8
-
SSDEEP
98304:kekrWAjN7r3ylrlOJr3ylrlODUaQWt15I/QLKENqP:KrWiN7rtrsahttLXNqP
Behavioral task
behavioral1
Sample
DFStd.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
DFStd.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
DFStd.exe
-
Score
8/10
-
Drops file in Drivers directory
-
Uses Session Manager for persistence
Creates Session Manager registry key to run executable early in system boot.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies WinLogon
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-