Overview

overview

8

Static

static

1

R61Tex.png

windows10-ltsc 2021-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    R61Tex.png

  • Size

    38KB

  • Sample

    250218-lv538szjcr

  • MD5

    f5898706e57d4edf306fec196d1c465b

  • SHA1

    4dcae202a36eb08b1c632a89ac9382f6cc927b2b

  • SHA256

    0f9b67c6bb9d4921af1c6b73139206c426c7de49f3ddb7d434a319669d1b1292

  • SHA512

    c85cb9fa575f2b3628d591733297df09302581bddbf0841175c51fcf6bbc1ab84665930c9bfac7f7b0199218c141b049c248107481432d7adbe9ea451849681b

  • SSDEEP

    768:+oUWLrMMIVMP6uRk44WtH5FbS8nGBv4jdL+1iIsOuZorEQ:WWLXIVMPO44Mfdp64rst

Score
8/10
bootkitdefense_evasiondiscoveryexecutionpersistence

Malware Config

Targets

    • Target

      R61Tex.png

    • Size

      38KB

    • MD5

      f5898706e57d4edf306fec196d1c465b

    • SHA1

      4dcae202a36eb08b1c632a89ac9382f6cc927b2b

    • SHA256

      0f9b67c6bb9d4921af1c6b73139206c426c7de49f3ddb7d434a319669d1b1292

    • SHA512

      c85cb9fa575f2b3628d591733297df09302581bddbf0841175c51fcf6bbc1ab84665930c9bfac7f7b0199218c141b049c248107481432d7adbe9ea451849681b

    • SSDEEP

      768:+oUWLrMMIVMP6uRk44WtH5FbS8nGBv4jdL+1iIsOuZorEQ:WWLXIVMPO44Mfdp64rst

    Score
    8/10
    bootkitdefense_evasiondiscoveryexecutionpersistence

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks