General

  • Target

    sample

  • Size

    18KB

  • Sample

    240326-sc787scg22

  • MD5

    bfc8a825d061dc32c558f1db8937debf

  • SHA1

    c86b0928b32f3ead1f274f361c86d698d5eb965a

  • SHA256

    6d2ceba78862e5c0c4e8822770b7d05d395af147e881a2e6701d7d27ede77979

  • SHA512

    147151e7dea7912eb2d5517b6be1b9aab79c80f763a7b155890a5264be29e7977e3b7e01ca59c8bc611406a75e3a7217ad89a281782d8e3ac73b25c324fe8dbe

  • SSDEEP

    384:rqYthqCDpmReVoOs4LN9ylKeGMFU8HhhbdBw7hS2LjFrSS+OVJCBXQL:rqY6CBVoOs4LryI1MJBhbPOJFrSOJQQL

Score
8/10

Malware Config

Targets

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks