General

  • Target

    sample

  • Size

    483KB

  • Sample

    240521-rdms8agf2s

  • MD5

    3a3aa8af59c813bf2e6bf165f2b7ffe3

  • SHA1

    f9d2975ae329c3ac27f2d06a7cdc872cbe3a8700

  • SHA256

    75284356cac0f9c928d928dcbeb5bcd673620dcf5f1a6639f652db74654be307

  • SHA512

    56b50f8f5339ceddaaa43e79384203f28808e4db3708f0efd9383ddabcde655071cc1b7b42e977b8ea5cfee6d66321acd8c183e898281c4fde0a317a7d03df17

  • SSDEEP

    6144:uf0N8MN8mN8zN8wN8zN8hN8jN8cN8ON8tzE:u8NvNjNiNPNONsNQNvNNNizE

Score
8/10

Malware Config

Targets

    • Target

      sample

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check that decides whether to run in this region.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
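The five behaviour signatures listed above, expressed as checks over a sandbox's API-call log. This is an added example, not the report's or the sandbox's own rule code: the event field names, the registry paths treated as a geofence lookup, and the list of abused hosting domains are assumptions, and the events themselves are constructed (the downloaded and dropped file is a minimal MZ/PE stub, the MBR write is a 512-byte sector ending in the 0x55AA boot signature).

```python
"""Toy re-implementation of the report's behaviour signatures over constructed
sandbox API events. Added example; field names, registry paths and the abused
hosting list are assumptions, not the sandbox's real rule definitions."""
import re
from urllib.parse import urlparse

# Hosting providers commonly abused as payload/C2 stores (assumed list).
ABUSED_HOSTS = {"cdn.discordapp.com", "github.com", "pastebin.com", "drive.google.com"}
# Registry locations a geofence check reads (assumed; real rules cover more).
GEO_KEYS = (r"control panel\international", r"control\nls\locale")
# Raw device path for a physical disk, e.g. \\.\PhysicalDrive0
PHYSDRIVE = re.compile(r"^\\\\\.\\physicaldrive\d+$", re.I)


def build_pe_stub() -> bytes:
    """Smallest buffer that passes is_pe(): MZ magic, e_lfanew -> 'PE\0\0'."""
    buf = bytearray(0x44)
    buf[0:2] = b"MZ"
    buf[0x3C:0x40] = (0x40).to_bytes(4, "little")  # e_lfanew points at 0x40
    buf[0x40:0x44] = b"PE\0\0"
    return bytes(buf)


def is_pe(data: bytes) -> bool:
    """MZ magic plus a PE signature at the offset e_lfanew points to."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def is_mbr_write(ev: dict) -> bool:
    """WriteFile to sector 0 of a physical drive carrying the 0x55AA signature."""
    return (ev["api"] == "WriteFile"
            and bool(PHYSDRIVE.match(ev.get("path", "")))
            and ev.get("offset", -1) == 0
            and len(ev["data"]) >= 512
            and ev["data"][510:512] == b"\x55\xaa")


def run_signatures(events: list) -> set:
    """Return the names of the report's signatures that the event stream triggers."""
    hits = set()
    dropped = set()  # lower-cased paths of PE files the sample wrote to disk
    for ev in events:
        api = ev["api"]
        if api == "InternetReadFile":
            host = (urlparse(ev["url"]).hostname or "").lower()
            if is_pe(ev["data"]):
                hits.add("Downloads MZ/PE file")
            if host in ABUSED_HOSTS:
                hits.add("Legitimate hosting services abused for malware hosting/C2")
        elif api == "WriteFile":
            if is_mbr_write(ev):
                hits.add("Writes to the Master Boot Record (MBR)")
            elif is_pe(ev["data"]):
                dropped.add(ev["path"].lower())
        elif api == "RegQueryValueEx":
            if any(k in ev["key"].lower() for k in GEO_KEYS):
                hits.add("Checks computer location settings")
        elif api == "CreateProcess":
            if ev["path"].lower() in dropped:
                hits.add("Executes dropped EXE")
    return hits


# Constructed events (not taken from the report's task log).
PE = build_pe_stub()
MBR = b"\x33\xc0\x8e\xd0" + b"\x00" * 506 + b"\x55\xaa"  # 512 bytes, boot signature last
EVENTS = [
    {"api": "InternetReadFile",
     "url": "https://cdn.discordapp.com/attachments/1/2/stage2.bin", "data": PE},
    {"api": "WriteFile", "path": r"C:\Users\Public\svc.exe", "offset": 0, "data": PE},
    {"api": "RegQueryValueEx", "key": r"HKCU\Control Panel\International\Geo",
     "value": "Nation"},
    {"api": "CreateProcess", "path": r"C:\Users\Public\svc.exe"},
    {"api": "WriteFile", "path": r"\\.\PhysicalDrive0", "offset": 0, "data": MBR},
]

if __name__ == "__main__":
    for name in sorted(run_signatures(EVENTS)):
        print("[+]", name)
```

The ordering matters: the dropped-file set is populated from writes seen before the CreateProcess call, so a process launch of a path the sample never wrote is not counted as "Executes dropped EXE", and a raw-disk write that does not land on sector 0 or lacks the 0x55AA signature is not reported as an MBR overwrite.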

MITRE ATT&CK Enterprise v15

Tasks