b54bb56c0ae4aca67ff67f6e80c185fee049794dceb3e7ede872e8fa75293fd3 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

.html

windows10-2004-x64

8

Sharing

General

Target

.
Size

4KB
Sample

240526-j2t87sca7v
MD5

6876d5b700949ef06803e2555b3ffaf4
SHA1

e977e615811b2ec83ac4b7a9a7686de8648b35d4
SHA256

b54bb56c0ae4aca67ff67f6e80c185fee049794dceb3e7ede872e8fa75293fd3
SHA512

4be5df9a55fcb142ed5884e32c07929de750121b440bd83a928b60c1f87072886536c7bd49ff05f7525df84aaec2a2fedbeeafd6ddff59762b3f4451cb8a2ef9
SSDEEP

48:0wiG6rILGYpmdP5hHt8L8yUApFV7FJINPuFa4Idlx/WMNG9GcaogMiH:52hhHc8jApFV7pa4IdlB9NGrkb

Score

8^/10

bootkit persistence

Static task

static1

Behavioral task

behavioral1

Sample

.html

Resource

win10v2004-20240508-en

bootkit persistence

windows10-2004-x64

24 signatures

1800 seconds

Malware Config

Targets

- Target
  
  .
- Size
  
  4KB
- MD5
  
  6876d5b700949ef06803e2555b3ffaf4
- SHA1
  
  e977e615811b2ec83ac4b7a9a7686de8648b35d4
- SHA256
  
  b54bb56c0ae4aca67ff67f6e80c185fee049794dceb3e7ede872e8fa75293fd3
- SHA512
  
  4be5df9a55fcb142ed5884e32c07929de750121b440bd83a928b60c1f87072886536c7bd49ff05f7525df84aaec2a2fedbeeafd6ddff59762b3f4451cb8a2ef9
- SSDEEP
  
  48:0wiG6rILGYpmdP5hHt8L8yUApFV7FJINPuFa4Idlx/WMNG9GcaogMiH:52hhHc8jApFV7pa4IdlB9NGrkb
Score

8^/10

bootkit persistence
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitpersistence

© 2018-2024

Terms | Privacy