9cf30d268e87560553364a7bfc806b306544df040f91914391314527dc246870 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

brawl-stars.exe
Size

9.4MB
Sample

240311-jzarsafe7y
MD5

db5f372474f906570d4e03702134a54f
SHA1

7c6218526b83abafc9eefadde4e66fbc33d95ae3
SHA256

9cf30d268e87560553364a7bfc806b306544df040f91914391314527dc246870
SHA512

4e9f7b3aeb32114757e7d1b415faed10a33cadfd1e03ddcbf9d1810ceebe797898988382c95260edf4b5dde7b62e0cab2696b1c30216d7537c8f62606499868f
SSDEEP

196608:pxLnHBqlUgN7AktVweDO8emQmG5eWWi/zio/if:3J2O84wWrX/

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  brawl-stars.exe
- Size
  
  9.4MB
- MD5
  
  db5f372474f906570d4e03702134a54f
- SHA1
  
  7c6218526b83abafc9eefadde4e66fbc33d95ae3
- SHA256
  
  9cf30d268e87560553364a7bfc806b306544df040f91914391314527dc246870
- SHA512
  
  4e9f7b3aeb32114757e7d1b415faed10a33cadfd1e03ddcbf9d1810ceebe797898988382c95260edf4b5dde7b62e0cab2696b1c30216d7537c8f62606499868f
- SSDEEP
  
  196608:pxLnHBqlUgN7AktVweDO8emQmG5eWWi/zio/if:3J2O84wWrX/
Score

7^/10

bootkit discovery persistence
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence