dd61e007932dbe98ea99aa5c0b22852dd3d37e8f468a4b1f1b79786b72cd5aeb | Triage

Sharing

General

Target

0c84b0f75aa2bdd54039a26223d2ae7e
Size

137KB
Sample

231230-dm4w7shdbr
MD5

0c84b0f75aa2bdd54039a26223d2ae7e
SHA1

d2a937d0ee8a02fe4d8ce4a1b9e43b0976feacc3
SHA256

dd61e007932dbe98ea99aa5c0b22852dd3d37e8f468a4b1f1b79786b72cd5aeb
SHA512

474c806ecc16c91000162c0ce0a966b1cbfcbf267149f711f4a26b65393059d35f6a1417554896bd1386e5459772a0fe648e0d6958e953e750a0efa3dbd11d1b
SSDEEP

3072:stirCYH2PFQvbOKe1aRCaRbbrMbvT0q8O1cZPzQ7IXMBc+AMP+QfQEhxFyVU76vB:OLYH2PGyKeQsa5wvP6bQ7yMP+DE8276p

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  0c84b0f75aa2bdd54039a26223d2ae7e
- Size
  
  137KB
- MD5
  
  0c84b0f75aa2bdd54039a26223d2ae7e
- SHA1
  
  d2a937d0ee8a02fe4d8ce4a1b9e43b0976feacc3
- SHA256
  
  dd61e007932dbe98ea99aa5c0b22852dd3d37e8f468a4b1f1b79786b72cd5aeb
- SHA512
  
  474c806ecc16c91000162c0ce0a966b1cbfcbf267149f711f4a26b65393059d35f6a1417554896bd1386e5459772a0fe648e0d6958e953e750a0efa3dbd11d1b
- SSDEEP
  
  3072:stirCYH2PFQvbOKe1aRCaRbbrMbvT0q8O1cZPzQ7IXMBc+AMP+QfQEhxFyVU76vB:OLYH2PGyKeQsa5wvP6bQ7yMP+DE8276p
Score

7^/10

bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2