a6cebeb00e23f69189901beeef2a6f245281144730f641733949c4360ba6415e | Triage

Submit
Reports

Overview

overview

8

Static

static

1

2024-03-06...25.z03

windows10-2004-x64

Sharing

General

Target

2024-03-06_21-25-25.z03
Size

25.0MB
Sample

240630-wmp26avelp
MD5

06644c1b4e9a077db1ac51bf794fdc21
SHA1

237aa64fbcf0c5fd265e2f49708099f470cd44c8
SHA256

a6cebeb00e23f69189901beeef2a6f245281144730f641733949c4360ba6415e
SHA512

25064600d0bc7cfd2b56491baf4a7d19611abe2c28af4eac10625bcd27c94623e16fba9216c5167adbc3961fa99194ed5ff1cf1597100f23990d6257c7361c13
SSDEEP

786432:2A8FmJk+m7WRNsc/uwFZNogpMDsAp5HsmxK:2Ahi+1skFPobDscsmxK

Score

8^/10

bootkit persistence

Static task

static1

Behavioral task

behavioral1

Sample

2024-03-06_21-25-25.z03

Resource

win10v2004-20240508-en

bootkit persistence

windows10-2004-x64

17 signatures

1200 seconds

Malware Config

Targets

- Target
  
  2024-03-06_21-25-25.z03
- Size
  
  25.0MB
- MD5
  
  06644c1b4e9a077db1ac51bf794fdc21
- SHA1
  
  237aa64fbcf0c5fd265e2f49708099f470cd44c8
- SHA256
  
  a6cebeb00e23f69189901beeef2a6f245281144730f641733949c4360ba6415e
- SHA512
  
  25064600d0bc7cfd2b56491baf4a7d19611abe2c28af4eac10625bcd27c94623e16fba9216c5167adbc3961fa99194ed5ff1cf1597100f23990d6257c7361c13
- SSDEEP
  
  786432:2A8FmJk+m7WRNsc/uwFZNogpMDsAp5HsmxK:2Ahi+1skFPobDscsmxK
Score

8^/10

bootkit persistence
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitpersistence

© 2018-2024

Terms | Privacy