774bd10eea00db8e7eb85f86f25461f08a49504af92bf27bc673dbf0e71dbc98 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

741fdb7c64f64cea198b80380e58cd61
Size

714KB
Sample

231226-rct6xacedl
MD5

741fdb7c64f64cea198b80380e58cd61
SHA1

b9d3a14df24aae332d5e4e20a3e49610a037dd65
SHA256

774bd10eea00db8e7eb85f86f25461f08a49504af92bf27bc673dbf0e71dbc98
SHA512

cab8deb4b9bbd66456251dde9fa71f608658a7c792cfbe7fea72f662c31b7910361a8397842ae2228921586a0a713819c79886c7b15d63ba052bbc4a6a3e9886
SSDEEP

12288:v2UtO9NJlEd66iwglF/I9Psc3VUc/9ef1vKbrFr5+qFz1RY7ytS8eijhTF+UmZ:v2Up63w2FENx/Ukd5FFzzQyA8eUF+JZ

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  741fdb7c64f64cea198b80380e58cd61
- Size
  
  714KB
- MD5
  
  741fdb7c64f64cea198b80380e58cd61
- SHA1
  
  b9d3a14df24aae332d5e4e20a3e49610a037dd65
- SHA256
  
  774bd10eea00db8e7eb85f86f25461f08a49504af92bf27bc673dbf0e71dbc98
- SHA512
  
  cab8deb4b9bbd66456251dde9fa71f608658a7c792cfbe7fea72f662c31b7910361a8397842ae2228921586a0a713819c79886c7b15d63ba052bbc4a6a3e9886
- SSDEEP
  
  12288:v2UtO9NJlEd66iwglF/I9Psc3VUc/9ef1vKbrFr5+qFz1RY7ytS8eijhTF+UmZ:v2Up63w2FENx/Ukd5FFzzQyA8eUF+JZ
Score

7^/10

bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence