3f1e28e961239c01602b1ce7555f51778c9f369b059ef07b75a7d9dee70ff8b1 | Triage

Submit
Reports

Overview

overview

8

Static

static

6

ฺฺฺK...ฺฺ

windows10_x64

8

Resubmissions

18-11-2020 17:38

201118-q5ksdz5fts 8

18-11-2020 16:27

201118-55lnpg8fkn 8

Sharing

General

Target

api.exe
Size

22.9MB
Sample

201118-q5ksdz5fts
MD5

3561a1c35184a0b60b89f4b560a9660d
SHA1

e39442388db90a088a8eb8ce46d4f61182334a1b
SHA256

3f1e28e961239c01602b1ce7555f51778c9f369b059ef07b75a7d9dee70ff8b1
SHA512

7a83a669e8a72d6ec83952c9d57cc8059a6fff6f3564dab69ad50ca939a7d8e3f3d7d9ed74f8d06d060a39f8c4525fcfdcdecf2550c6fe57da0bef3df1f5ee75

Score

8^/10

bootkit discovery persistence spyware

Static task

static1

Behavioral task

behavioral1

Sample

api.exe

Resource

win10v20201028

bootkit discovery persistence spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  api.exe
- Size
  
  22.9MB
- MD5
  
  3561a1c35184a0b60b89f4b560a9660d
- SHA1
  
  e39442388db90a088a8eb8ce46d4f61182334a1b
- SHA256
  
  3f1e28e961239c01602b1ce7555f51778c9f369b059ef07b75a7d9dee70ff8b1
- SHA512
  
  7a83a669e8a72d6ec83952c9d57cc8059a6fff6f3564dab69ad50ca939a7d8e3f3d7d9ed74f8d06d060a39f8c4525fcfdcdecf2550c6fe57da0bef3df1f5ee75
Score

8^/10

bootkit discovery persistence spyware
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistencespyware

© 2018-2024

Terms | Privacy