General
Target: uiso@_2808.exe
Size: 1.2MB
Sample: 210301-jzatr3v9fe
MD5: 96a873bd4fbe8a4de6d6c2ce9dcad4e0
SHA1: ae6f5c8f5b5040f88ecba5c5c2b32219079f2336
SHA256: f7b46393eacf40b9b9ed8a7b3389a086f72de5f311306304c9a40056d4f81db7
SHA512: 7a12def5cd379c4d8ee1465b3a4035ba671ba1c3cb6e4d63bcad50dde93cb439799e153da8b6e96e8cc4ee811ae7c836e71858c9cdfc8c1455618f44daab071c
Static task: static1
Behavioral task: behavioral1
  Sample: uiso@_2808.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: uiso@_2808.exe
  Resource: win10v20201028
Malware Config
Targets
Target: uiso@_2808.exe
Score: 10/10
- Registers COM server for autorun
- Enumerates VirtualBox registry keys
- Looks for VirtualBox Guest Additions in registry
- Executes dropped EXE
- Looks for VMWare Tools registry key
- Sets DLL path for service in the registry
- Sets service image path in registry
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v6)
Persistence
  Registry Run Keys / Startup Folder: 3
  Bootkit: 1
  Hidden Files and Directories: 1
Defense Evasion
  Virtualization/Sandbox Evasion: 3
  Modify Registry: 5
  Install Root Certificate: 1
  Hidden Files and Directories: 1