Overview

overview

8

Static

static

3

39. Funç�...MP.pdf

windows7-x64

1

39. Funç�...MP.pdf

windows10-2004-x64

Resubmissions

16/04/2024, 15:09

240416-sjsgbsdb46 6

16/04/2024, 15:09

240416-sjgptsdb38 3

16/04/2024, 14:52

240416-r8194acg47 8

16/04/2024, 14:52

240416-r8qtcsed4x 3

Sharing

Copy URL Twitter E-mail

General

  • Target

    39. Função quadrática MP.pdf

  • Size

    5.2MB

  • Sample

    240416-r8194acg47

  • MD5

    160ba476eb225db8e2461f33fc6b9655

  • SHA1

    e9385504bd442b6afa9d4df7ed37305f2568888a

  • SHA256

    bc2cc6924cf28c8b08005a5f323200731931d648260ee6a5234a7c0589b0b699

  • SHA512

    7937599f80c485bf30d2fc5a04e4eeafb4f69666cb60423f2848ed6fdfb644e12f093e3b5774cf7ee357af5e0b571143d2758aef60aa0c9e2d668a4704c98393

  • SSDEEP

    98304:f9gN8fLuaQDGOV5wxWsMHGKrj4iufjvtZ7Oe6UqVgbMmu:lQ8jIn2xPMHG2j4iuLtZOUqMMmu

Score
8/10
bootkitlinkpdfpersistence

Malware Config

Targets

    • Target

      39. Função quadrática MP.pdf

    • Size

      5.2MB

    • MD5

      160ba476eb225db8e2461f33fc6b9655

    • SHA1

      e9385504bd442b6afa9d4df7ed37305f2568888a

    • SHA256

      bc2cc6924cf28c8b08005a5f323200731931d648260ee6a5234a7c0589b0b699

    • SHA512

      7937599f80c485bf30d2fc5a04e4eeafb4f69666cb60423f2848ed6fdfb644e12f093e3b5774cf7ee357af5e0b571143d2758aef60aa0c9e2d668a4704c98393

    • SSDEEP

      98304:f9gN8fLuaQDGOV5wxWsMHGKrj4iufjvtZ7Oe6UqVgbMmu:lQ8jIn2xPMHG2j4iuLtZOUqMMmu

    Score
    8/10
    bootkitpersistence

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks