Overview

overview

10

Static

static

244A9C5318...AD.exe

windows7_x64

10

244A9C5318...AD.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    244A9C5318E98599C60F3DACBFF48F4F0A898CCDA29AD.exe

  • Size

    184KB

  • Sample

    220427-bncs1afad6

  • MD5

    0a56a968a7f1c3d265acf38740a93d38

  • SHA1

    bf17dcba21603a6681f0f9bbec81d356e33d9029

  • SHA256

    244a9c5318e98599c60f3dacbff48f4f0a898ccda29ad8a6a8625e3cfe0dbc22

  • SHA512

    81d90036885ec7389f146bef660a8553a76179972ddffa5e001f74104165166cf0aad2355db6c80575b26c7b5012aea973470f02913ba128c28e71449f03919f

Score
10/10
bootkitpersistencesuricata

Malware Config

Targets

    • Target

      244A9C5318E98599C60F3DACBFF48F4F0A898CCDA29AD.exe

    • Size

      184KB

    • MD5

      0a56a968a7f1c3d265acf38740a93d38

    • SHA1

      bf17dcba21603a6681f0f9bbec81d356e33d9029

    • SHA256

      244a9c5318e98599c60f3dacbff48f4f0a898ccda29ad8a6a8625e3cfe0dbc22

    • SHA512

      81d90036885ec7389f146bef660a8553a76179972ddffa5e001f74104165166cf0aad2355db6c80575b26c7b5012aea973470f02913ba128c28e71449f03919f

    Score
    10/10
    bootkitpersistencesuricata

    • suricata: ET MALWARE Backdoor family PCRat/Gh0st CnC traffic

      suricata: ET MALWARE Backdoor family PCRat/Gh0st CnC traffic

      suricata

    • suricata: ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102

      suricata: ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102

      suricata

    • Sets DLL path for service in the registry

      persistence

    • Deletes itself

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks