8c6eef98839661d07d146aef292a886e35b40c546b6af699a7ebc6e49481e830 | Triage

Submit
Reports

Overview

overview

9

Static

static

8c6eef9883...30.exe

windows7_x64

9

8c6eef9883...30.exe

windows10-2004_x64

9

Sharing

General

Target

8c6eef98839661d07d146aef292a886e35b40c546b6af699a7ebc6e49481e830
Size

1.7MB
Sample

220516-n2mlksadc9
MD5

cd39bf5cd8dcf1222df0d83f215815e8
SHA1

9f83113e68e74aa57085c3b4af1d06f0a665be0a
SHA256

8c6eef98839661d07d146aef292a886e35b40c546b6af699a7ebc6e49481e830
SHA512

c0575ed94f6591b924d73e56ff4fc05857b12ee8b46aaceacb35b68b7edbf8521d634f408a133d1640d41e28586b8d722eea0e56b387c42134380c3aed27d076

Score

9^/10

bootkit discovery evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

8c6eef98839661d07d146aef292a886e35b40c546b6af699a7ebc6e49481e830.exe

Resource

win7-20220414-en

bootkit discovery evasion persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

8c6eef98839661d07d146aef292a886e35b40c546b6af699a7ebc6e49481e830.exe

Resource

win10v2004-20220414-en

bootkit discovery evasion persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  8c6eef98839661d07d146aef292a886e35b40c546b6af699a7ebc6e49481e830
- Size
  
  1.7MB
- MD5
  
  cd39bf5cd8dcf1222df0d83f215815e8
- SHA1
  
  9f83113e68e74aa57085c3b4af1d06f0a665be0a
- SHA256
  
  8c6eef98839661d07d146aef292a886e35b40c546b6af699a7ebc6e49481e830
- SHA512
  
  c0575ed94f6591b924d73e56ff4fc05857b12ee8b46aaceacb35b68b7edbf8521d634f408a133d1640d41e28586b8d722eea0e56b387c42134380c3aed27d076
Score

9^/10

bootkit discovery evasion persistence
- Looks for VirtualBox Guest Additions in registry
  evasion
- Executes dropped EXE
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistence

behavioral2

bootkitdiscoveryevasionpersistence

© 2018-2024

Terms | Privacy