Resubmissions

29-08-2024 13:07

240829-qcqcaavdrq 3

29-08-2024 13:01

240829-p9mf8asfra 8

General

  • Target

    2024-08-28_17.39.20.png

  • Size

    3.7MB

  • Sample

    240829-p9mf8asfra

  • MD5

    31f64d08f06a9cdac51d0971f94a379e

  • SHA1

    7befbfa708409b53f648ef7fdb742d791331c0b1

  • SHA256

    4a29032f14ba4f5a8c0fe75ef1e067399065bb6f54897250624342216995a9a0

  • SHA512

    e1890c301f066495bfc1530951da472526daf44003e5c002002b419340d82a4b37cf2b6f94e3db0d88405ed14deed853792dd34c5eeafc48fcdf6fc4ad301482

  • SSDEEP

    98304:jltSQLuiVsyNaOKlyU2G7PpZK8X6Owfopr6At:jvSQLui/DKltLpZK8X69opuAt

Malware Config

Targets

    • Target

      2024-08-28_17.39.20.png

    • Size

      3.7MB

    • MD5

      31f64d08f06a9cdac51d0971f94a379e

    • SHA1

      7befbfa708409b53f648ef7fdb742d791331c0b1

    • SHA256

      4a29032f14ba4f5a8c0fe75ef1e067399065bb6f54897250624342216995a9a0

    • SHA512

      e1890c301f066495bfc1530951da472526daf44003e5c002002b419340d82a4b37cf2b6f94e3db0d88405ed14deed853792dd34c5eeafc48fcdf6fc4ad301482

    • SSDEEP

      98304:jltSQLuiVsyNaOKlyU2G7PpZK8X6Owfopr6At:jvSQLui/DKltLpZK8X69opuAt

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks