f982c687ceca030fc9abc7f4f28960e701d5a83b3a539b0633ab1b628ac86d0e | Triage

Resubmissions

25/06/2024, 01:37

240625-b151baxamn 8

25/06/2024, 01:35

240625-bzvsystckh 7

Sharing

Copy URL Twitter E-mail

General

Target

S3D2d-1.34 21-01-24.zip
Size

67.1MB
Sample

240625-b151baxamn
MD5

d5c16422b49ebcd078b72538d7cd4e88
SHA1

fba2cfd0dda80b6a7efff245b0918d0701eaee1f
SHA256

f982c687ceca030fc9abc7f4f28960e701d5a83b3a539b0633ab1b628ac86d0e
SHA512

7876fe890cf255dce6a8a23083cc25be78048ec937135219c1bede1d07e2c6b60e15220280e09172b048ab7f6631fbd125d660c26cae4f4d9854e7dca6d6ee49
SSDEEP

1572864:L5PswaKKc+1nVYIc8mtc95wG7e1xko41Dc9loOquFv1x:FTv+/YLtSD7Yxko8cXguFP

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  S3D2d-1.34 21-01-24.zip
- Size
  
  67.1MB
- MD5
  
  d5c16422b49ebcd078b72538d7cd4e88
- SHA1
  
  fba2cfd0dda80b6a7efff245b0918d0701eaee1f
- SHA256
  
  f982c687ceca030fc9abc7f4f28960e701d5a83b3a539b0633ab1b628ac86d0e
- SHA512
  
  7876fe890cf255dce6a8a23083cc25be78048ec937135219c1bede1d07e2c6b60e15220280e09172b048ab7f6631fbd125d660c26cae4f4d9854e7dca6d6ee49
- SSDEEP
  
  1572864:L5PswaKKc+1nVYIc8mtc95wG7e1xko41Dc9loOquFv1x:FTv+/YLtSD7Yxko8cXguFP
Score

1^/10
behavioral1
- Target
  
  Sonic3D2d 1.34.exe
- Size
  
  21.0MB
- MD5
  
  3d63fda703ee81f3c73931d53b6c4662
- SHA1
  
  13e61794c42c9fb382b5ee358a2c83344cc7e55d
- SHA256
  
  5d8ad960833081babab1bf47f0ab7eb0f539401d1405892c04f6370e68b3cdce
- SHA512
  
  8933f15726866d3a25715580ff2d1e41ea7826d2d3e4a749aac6ab3f28848634144b92494032606d4b6e7bb62eda99ea053131b3841ccc22cf7c2adb0127a6c3
- SSDEEP
  
  393216:vnzrYqvkbXVATkTGPyeL9QjMlXohgLMpaQBiikWzkm/ytJJJH3s8X/n8IdJFy:fY5oawJ4MlXowMpxBhkWzkf3JJH3ss/A
Score

8^/10

bootkit persistence
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral2
- Target
  
  xinput1_3.dll
- Size
  
  79KB
- MD5
  
  77f595dee5ffacea72b135b1fce1312e
- SHA1
  
  d2a710b332de3ef7a576e0aed27b0ae66892b7e9
- SHA256
  
  8d540d484ea41e374fd0107d55d253f87ded4ce780d515d8fd59bbe8c98970a7
- SHA512
  
  a8683050d7758c248052c11ac6a46c9a0b3b3773902cca478c1961b6d9d2d57c75a8c925ba5af4499989c0f44b34eaf57abafafa26506c31e5e4769fb3439746
- SSDEEP
  
  1536:TVeqvNS6T6jxeEsU6b0xZtDDVb9X8u9JA7zitdrz/R8cy/FaeBD:TVeqvNOeFgxZ9DVVtRBy/EeD
Score

1^/10
behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bootkitpersistence

behavioral3