General

  • Target

    run.exe

  • Size

    9.9MB

  • Sample

    230614-w8tx8sce7z

  • MD5

    8f5cbd427ca39a3cfe3e6459e36c40e6

  • SHA1

    cdd941ec94b003d3c6f52d79ea9af6d9b6fba80a

  • SHA256

    a68b21ec47748bf9c4852988ef3692a9aed9b7fceed57105cb30f7e857300f7c

  • SHA512

    2c98dde55032e2a9ec09a2531ec1aa8615174bd3220bdc37b128cd51f219909fb69c58ae71144f26555953cbdc12ad141b8d35c9b59db909270014f554396290

  • SSDEEP

    196608:bkY0JDfyGC0sKYu/PaQ021X5Sp6GemDMPwYW90sK0ZCa+HaA:QY0JDfDYQXpfaMPPspZCaS

Targets

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
