d94750830fcd3dadb1d2343135f5136042d63451712272a2d7c496d50940efaa | Triage

Submit
Reports

Overview

overview

Static

static

1

sample.html

windows7-x64

sample.html

windows10-2004-x64

7

Resubmissions

13-12-2024 20:04

241213-ytcrhszkhq 3

13-12-2024 19:58

241213-yp8cmaxqh1 10

13-12-2024 19:57

241213-ypg6fazkfr 4

13-12-2024 19:55

241213-ym6e9axqgz 3

Sharing

General

Target

sample
Size

8KB
Sample

241213-yp8cmaxqh1
MD5

be3ab1d1fc19b664b3de254beb3086ef
SHA1

e944fdcb2d62e379c71624fa6e2815afd3cf7fba
SHA256

d94750830fcd3dadb1d2343135f5136042d63451712272a2d7c496d50940efaa
SHA512

bb9ba4db70d7315c21ee1497178418f0a6cd3a27f406595621f0fee4643168c9dd806d5dc01178004cd498224e093778d17faea78be1f890e8580b1d23c5c3e4
SSDEEP

192:PN2x2BpZge0zxfu/phJmw1fx+G4xrECBk1GVDSkXybwN:Axi0zxfaJpVlARGhwN

Score

10^/10

bootkit google microsoft discovery execution persistence phishing

Static task

static1

Behavioral task

behavioral1

Sample

sample.html

Resource

win7-20240903-en

google microsoft discovery phishing

windows7-x64

24 signatures

300 seconds

Behavioral task

behavioral2

Sample

sample.html

Resource

win10v2004-20241007-en

bootkit discovery execution persistence phishing

windows10-2004-x64

17 signatures

300 seconds

Malware Config

Targets

- Target
  
  sample
- Size
  
  8KB
- MD5
  
  be3ab1d1fc19b664b3de254beb3086ef
- SHA1
  
  e944fdcb2d62e379c71624fa6e2815afd3cf7fba
- SHA256
  
  d94750830fcd3dadb1d2343135f5136042d63451712272a2d7c496d50940efaa
- SHA512
  
  bb9ba4db70d7315c21ee1497178418f0a6cd3a27f406595621f0fee4643168c9dd806d5dc01178004cd498224e093778d17faea78be1f890e8580b1d23c5c3e4
- SSDEEP
  
  192:PN2x2BpZge0zxfu/phJmw1fx+G4xrECBk1GVDSkXybwN:Axi0zxfaJpVlARGhwN
Score

10^/10

google microsoft discovery phishing bootkit execution persistence
- Detected google phishing page
  phishing google
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Detected potential entity reuse from brand GOOGLE.
  phishing google
- Detected potential entity reuse from brand MICROSOFT.
  phishing microsoft
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

googlemicrosoftdiscoveryphishing

behavioral2

bootkitdiscoveryexecutionpersistencephishing

© 2018-2024

Terms | Privacy