General

  • Target

    IMG_8641.png

  • Size

    950KB

  • Sample

    240421-x5j5asaa83

  • MD5

    05414a2de31611cfcfe6a847b9030ee4

  • SHA1

    2f7c221e249565be44d8d728715d47468dbcc5a8

  • SHA256

    cb8834cc6e03fb648dd53a9f50c03e8149628ef0bbd66dcf91adbfc2667c6712

  • SHA512

    adc9548766a3f54736d402ea52967da4e1ff1df5af0ddefa5abdfd396b5fce4f2eadf337816b25eef3f6922c417b08fedc2af091c00cbaeac072493bf4fc978b

  • SSDEEP

    24576:PhvMOdFf3XphM8EShv/XFOEb44teGs206TA3:5kOdF/XnN/VT46eGs23c

Score
8/10

Malware Config

Targets

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks