239dbd0a3537492c89f670b769dc58f406a109f886f057feca8ad629172db3ec | Triage

Submit
Reports

Overview

overview

8

Static

static

1

message (5).txt

windows10-ltsc 2021-x64

8

Sharing

General

Target

message (5).txt
Size

9KB
Sample

241030-xcrnnsxrbx
MD5

d7079044fa73d1a3700f79e369118acc
SHA1

37b55200b91b3d0f50235de42f75b3680df9aef5
SHA256

239dbd0a3537492c89f670b769dc58f406a109f886f057feca8ad629172db3ec
SHA512

942d5aab0b6f7847dd43e77e9bc32016632a867f1b8e12a07f9b673f7c05fbf4a02edecd28ef7afa8c03ed42b1fb0d1633f02a41899bf54d9702bcba58592370
SSDEEP

192:EtYGv+TMx+3PIt703mi5gFF1SrD1Srp1SrTU0R7EhEAPrt4GuK7leKRIo4kJ0HIE:EtYS+TMx+3PIelgFF1SrD1Srp1SrjZEY

Score

8^/10

bootkit defense_evasion discovery exploit persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

message (5).txt

Resource

win10ltsc2021-20241023-en

bootkit defense_evasion discovery exploit persistence privilege_escalation

windows10-ltsc 2021-x64

24 signatures

300 seconds

Malware Config

Targets

- Target
  
  message (5).txt
- Size
  
  9KB
- MD5
  
  d7079044fa73d1a3700f79e369118acc
- SHA1
  
  37b55200b91b3d0f50235de42f75b3680df9aef5
- SHA256
  
  239dbd0a3537492c89f670b769dc58f406a109f886f057feca8ad629172db3ec
- SHA512
  
  942d5aab0b6f7847dd43e77e9bc32016632a867f1b8e12a07f9b673f7c05fbf4a02edecd28ef7afa8c03ed42b1fb0d1633f02a41899bf54d9702bcba58592370
- SSDEEP
  
  192:EtYGv+TMx+3PIt703mi5gFF1SrD1Srp1SrTU0R7EhEAPrt4GuK7leKRIo4kJ0HIE:EtYS+TMx+3PIelgFF1SrD1Srp1SrjZEY
Score

8^/10

bootkit defense_evasion discovery exploit persistence privilege_escalation
- Downloads MZ/PE file
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Modifies file permissions
  discovery
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
  defense_evasion
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Accessibility Features

Pre-OS Boot

Bootkit

Privilege Escalation

Access Token Manipulation

Create Process with Token

Event Triggered Execution

Accessibility Features

Defense Evasion

Access Token Manipulation

Create Process with Token

File and Directory Permissions Modification

Windows File and Directory Permissions Modification

Pre-OS Boot

Bootkit

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdefense_evasiondiscoveryexploitpersistenceprivilege_escalation

© 2018-2024

Terms | Privacy