Overview

overview

8

Static

static

Antivirus ...ta.bat

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Antivirus software intelligence test3.0Beta.bat

  • Size

    899KB

  • Sample

    210822-z21f4h2fxx

  • MD5

    42257c09240247901b26df46e0013389

  • SHA1

    1d3469d932881759a14f9bae81ce0ea6e4a6ba3b

  • SHA256

    d1d1902deff948c1059f492dabcb348f0302370cad068e283efb12f00bb1d003

  • SHA512

    e1d2e8b3a194f8ab9f2ba9b61458ff9e968b07ab0cbc9b062888be4c2ded56decb4f8aec9385ee3d7a7b15fe8900d02ef0596d656ab80f7a7b57cd4b66140902

Score
8/10
bootkitdiscoverypersistenceupx

Malware Config

Targets

    • Target

      Antivirus software intelligence test3.0Beta.bat

    • Size

      899KB

    • MD5

      42257c09240247901b26df46e0013389

    • SHA1

      1d3469d932881759a14f9bae81ce0ea6e4a6ba3b

    • SHA256

      d1d1902deff948c1059f492dabcb348f0302370cad068e283efb12f00bb1d003

    • SHA512

      e1d2e8b3a194f8ab9f2ba9b61458ff9e968b07ab0cbc9b062888be4c2ded56decb4f8aec9385ee3d7a7b15fe8900d02ef0596d656ab80f7a7b57cd4b66140902

    Score
    8/10
    bootkitdiscoverypersistenceupx

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Modifies file permissions

      discovery

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

File Permissions Modification

1
T1222

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks