8f7a2e285633068b4aaac96a8c0335c6e015cbe1f297b9a67b71c20505b743c4 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

RTC_Launcher.exe

windows10-2004-x64

Sharing

General

Target

RTC_Launcher.exe
Size

642KB
Sample

250328-sb2p2axwdz
MD5

aa4a09b39e2f72a5de8a474893930b0b
SHA1

2dd5a014d3a1bc46e5caa0f64fdf6367e2d1fd75
SHA256

8f7a2e285633068b4aaac96a8c0335c6e015cbe1f297b9a67b71c20505b743c4
SHA512

97488b8cddb73d34daa9775cfe617ccd045ad009ca5b069c967c5efef8f6a6c1b86f5521d6b5eb49c232d69fe75c6d5a7e62bd915f316326a5941e5d3ca85b45
SSDEEP

12288:ENoZIcBkqjVnl36ud0zR/6CtQ9PUHIG8DZ:2oZzkqjVnlqud+/2P+A

Score

8^/10

bootkit defense_evasion discovery persistence privilege_escalation

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

RTC_Launcher.exe

Resource

win10v2004-20250314-en

bootkit defense_evasion discovery persistence privilege_escalation

windows10-2004-x64

28 signatures

150 seconds

Malware Config

Targets

- Target
  
  RTC_Launcher.exe
- Size
  
  642KB
- MD5
  
  aa4a09b39e2f72a5de8a474893930b0b
- SHA1
  
  2dd5a014d3a1bc46e5caa0f64fdf6367e2d1fd75
- SHA256
  
  8f7a2e285633068b4aaac96a8c0335c6e015cbe1f297b9a67b71c20505b743c4
- SHA512
  
  97488b8cddb73d34daa9775cfe617ccd045ad009ca5b069c967c5efef8f6a6c1b86f5521d6b5eb49c232d69fe75c6d5a7e62bd915f316326a5941e5d3ca85b45
- SSDEEP
  
  12288:ENoZIcBkqjVnl36ud0zR/6CtQ9PUHIG8DZ:2oZzkqjVnlqud+/2P+A
Score

8^/10

bootkit defense_evasion discovery persistence privilege_escalation
- Disables Task Manager via registry modification
  defense_evasion
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Pre-OS Boot

Bootkit

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdefense_evasiondiscoverypersistenceprivilege_escalation

© 2018-2025

Terms | Privacy