5f54d87c3a9f0ccf47783aa02c3e51d55edad950c717e0f59f1f307a45346251 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

sample.js

windows10-2004-x64

Sharing

General

Target

sample
Size

77KB
Sample

240907-cmzf2szejr
MD5

ac7bb14b622c2d35219240671815bfd2
SHA1

dbcb098e25db3587c2d2b72e8a1dfdd9274e7fb2
SHA256

5f54d87c3a9f0ccf47783aa02c3e51d55edad950c717e0f59f1f307a45346251
SHA512

5ffa0a7c6ba57106d49768cd0232e6dd73e2ad630d03c3ef75f981a921bbe7d4c28d671d260c3c5614f6cabd9379f79398b9bad3b3a5cbe2f1f2015697e73bf1
SSDEEP

1536:O6QJFLCCwNieXvQehNFZuSuWtWWxTZdkG+NpcaEej3qcS/6aXWKjpsvH6ZJsnfJC:pQJFLhwTRZdkG+NpcaEej3qcS/6aXWKJ

Score

8^/10

bootkit defense_evasion discovery execution persistence

Static task

static1

Behavioral task

behavioral1

Sample

sample.js

Resource

win10v2004-20240802-en

bootkit defense_evasion discovery execution persistence

windows10-2004-x64

27 signatures

1800 seconds

Malware Config

Targets

- Target
  
  sample
- Size
  
  77KB
- MD5
  
  ac7bb14b622c2d35219240671815bfd2
- SHA1
  
  dbcb098e25db3587c2d2b72e8a1dfdd9274e7fb2
- SHA256
  
  5f54d87c3a9f0ccf47783aa02c3e51d55edad950c717e0f59f1f307a45346251
- SHA512
  
  5ffa0a7c6ba57106d49768cd0232e6dd73e2ad630d03c3ef75f981a921bbe7d4c28d671d260c3c5614f6cabd9379f79398b9bad3b3a5cbe2f1f2015697e73bf1
- SSDEEP
  
  1536:O6QJFLCCwNieXvQehNFZuSuWtWWxTZdkG+NpcaEej3qcS/6aXWKjpsvH6ZJsnfJC:pQJFLhwTRZdkG+NpcaEej3qcS/6aXWKJ
Score

8^/10

bootkit defense_evasion discovery execution persistence
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Probable phishing domain
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdefense_evasiondiscoveryexecutionpersistence

© 2018-2024

Terms | Privacy