General

  • Target

    b0f79cc681ff3a9873d3f2865de774982d8dc691e1cd33e79e18b226aeeb9416

  • Size

    4.5MB

  • Sample

    240219-t4jklagc5w

  • MD5

    97208007ab21ffc52c7cc01445e04fdf

  • SHA1

    907515ad2fc262e4ddc5161703bfdd28163f2e0c

  • SHA256

    b0f79cc681ff3a9873d3f2865de774982d8dc691e1cd33e79e18b226aeeb9416

  • SHA512

    d0c4c087ee2164cfd064833fad70cb6dd7e665a8fdda44c67557e5b3f3ea1fac6f17fdc51a2b8e6e532d1823bc45910b1ea2fd7fede9bc12dcd467053867d66f

  • SSDEEP

    98304:p8CWEft+AGpoPdmjfwn706B9w6rMkZFbyNQ1Ue43PZ5fMXy/1Q:OZEF+5lu7PJrWN+4B57/1Q

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks