3e2ed95a7bbc7686d52b382219bf127ab4127cfefcd197034c4db92775c3da5b | Triage

Submit
Reports

Overview

overview

8

Static

static

1

yes.txt

windows7-x64

1

yes.txt

windows10-2004-x64

Sharing

General

Target

yes.txt
Size

97B
Sample

240629-xybjksterd
MD5

df26a15228fd23c5aa016c270034ceff
SHA1

c0e23c418e46c9afb02a3ef9cbe84a387458de27
SHA256

3e2ed95a7bbc7686d52b382219bf127ab4127cfefcd197034c4db92775c3da5b
SHA512

d48b377e7981c85118789f164a522aeca18afa791e98b20c05f487a7bfe5daf57689bbba3108083d998830a6f957a06f0c8a194ca8edfe984157ee9238e79733

Score

8^/10

bootkit discovery evasion persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

yes.txt

Resource

win7-20240611-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

yes.txt

Resource

win10v2004-20240611-en

bootkit discovery evasion persistence privilege_escalation

windows10-2004-x64

31 signatures

150 seconds

Malware Config

Targets

- Target
  
  yes.txt
- Size
  
  97B
- MD5
  
  df26a15228fd23c5aa016c270034ceff
- SHA1
  
  c0e23c418e46c9afb02a3ef9cbe84a387458de27
- SHA256
  
  3e2ed95a7bbc7686d52b382219bf127ab4127cfefcd197034c4db92775c3da5b
- SHA512
  
  d48b377e7981c85118789f164a522aeca18afa791e98b20c05f487a7bfe5daf57689bbba3108083d998830a6f957a06f0c8a194ca8edfe984157ee9238e79733
Score

8^/10

bootkit discovery evasion persistence privilege_escalation
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Pre-OS Boot

Bootkit

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

bootkitdiscoveryevasionpersistenceprivilege_escalation

© 2018-2024

Terms | Privacy