59a5632736ce0a74810969b57eedc5b27d24b7867393cb92c37d1b1591b6be81 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

poster copy.jpg

windows10-1703-x64

8

poster copy.jpg

windows11-21h2-x64

3

Sharing

General

Target

poster copy.jpg
Size

474KB
Sample

240423-qxkbrsgg82
MD5

c38cc38dfa5ae512d1841170da49ccc1
SHA1

a64033c83c25763f4a42c8a5c60185b3c27519b0
SHA256

59a5632736ce0a74810969b57eedc5b27d24b7867393cb92c37d1b1591b6be81
SHA512

965fd231f83726e5e57d2ef3b624e3ce3a8a37d2fcde61a1745d6ea46b41919f0bc8def67ae0079d8cebe03656d538fa7569f1874923acbf5c75ef24e19011c1
SSDEEP

12288:l+vhqYr1pbsJXQGJ/7xrvZgexHJ8hEsTvsT0ph:l+vhJrSrZge9o4U

Score

8^/10

bootkit link persistence qr

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

poster copy.jpg

Resource

win10-20240404-en

bootkit persistence

windows10-1703-x64

22 signatures

1200 seconds

Behavioral task

behavioral2

Sample

poster copy.jpg

Resource

win11-20240412-en

windows11-21h2-x64

1 signatures

1200 seconds

Malware Config

Targets

- Target
  
  poster copy.jpg
- Size
  
  474KB
- MD5
  
  c38cc38dfa5ae512d1841170da49ccc1
- SHA1
  
  a64033c83c25763f4a42c8a5c60185b3c27519b0
- SHA256
  
  59a5632736ce0a74810969b57eedc5b27d24b7867393cb92c37d1b1591b6be81
- SHA512
  
  965fd231f83726e5e57d2ef3b624e3ce3a8a37d2fcde61a1745d6ea46b41919f0bc8def67ae0079d8cebe03656d538fa7569f1874923acbf5c75ef24e19011c1
- SSDEEP
  
  12288:l+vhqYr1pbsJXQGJ/7xrvZgexHJ8hEsTvsT0ph:l+vhJrSrZge9o4U
Score

8^/10

bootkit persistence
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

© 2018-2024

Terms | Privacy