Overview

overview

9

Static

static

1

PolarBoot.js

windows7-x64

3

PolarBoot.js

windows11-21h2-x64

Resubmissions

03-01-2025 18:12

250103-wtdygawnhv 10

03-01-2025 18:09

250103-wrsc3swnbz 9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PolarBoot.exe

  • Size

    1KB

  • Sample

    250103-wrsc3swnbz

  • MD5

    23eb8f9e7d4b2191a925c0acec78d846

  • SHA1

    023ea9d53ad1d26695c7f9b9f655a8b6bf627eb4

  • SHA256

    1d2c73bff499484b33b1457320ff967d48469a96ff41874075bd4e48b6f72906

  • SHA512

    c638e22185d10767e6025d444f912be71292c022e8f483efadab31adc6f1a8210922527d2adbc880b99e27941b1eece8960253f28d50a771df8c079e160a23d8

Score
9/10
defense_evasiondiscoveryevasionexecutionransomware

Malware Config

Targets

    • Target

      PolarBoot.exe

    • Size

      1KB

    • MD5

      23eb8f9e7d4b2191a925c0acec78d846

    • SHA1

      023ea9d53ad1d26695c7f9b9f655a8b6bf627eb4

    • SHA256

      1d2c73bff499484b33b1457320ff967d48469a96ff41874075bd4e48b6f72906

    • SHA512

      c638e22185d10767e6025d444f912be71292c022e8f483efadab31adc6f1a8210922527d2adbc880b99e27941b1eece8960253f28d50a771df8c079e160a23d8

    Score
    9/10
    executiondefense_evasiondiscoveryevasionransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Downloads MZ/PE file

    • Enables test signing to bypass driver trust controls

      Allows any signed driver to load without validation against a trusted certificate authority.

      defense_evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks