a6dc6c9350b5c01ab00c4241cf233f9d69910f1c431fb25e1fda63e463c64642 | Triage

Submit
Reports

Overview

overview

8

Static

static

mysetup.exe

windows7_x64

8

mysetup.exe

windows10_x64

8

mysetup.exe

windows10-2004_x64

8

Sharing

General

Target

mysetup.exe
Size

115.3MB
Sample

220519-cslgdacfhk
MD5

1c32da9a18b51af4ac59579322a8c5c7
SHA1

f09d16ee1822139e4bad3958bd46537c16552c30
SHA256

a6dc6c9350b5c01ab00c4241cf233f9d69910f1c431fb25e1fda63e463c64642
SHA512

62699c67e96808655cb3b20350e9b44fc8cb132c1153a3228a2a90c8be5dde445dc5113d7d765fda31e44c425d615b1622d497e1d54cb5890d7c402282081c57

Score

8^/10

bootkit discovery evasion persistence upx vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

mysetup.exe

Resource

win7-20220414-en

discovery evasion upx vmprotect

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

mysetup.exe

Resource

win10-20220414-en

discovery upx vmprotect

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

mysetup.exe

Resource

win10v2004-20220414-en

bootkit discovery persistence upx vmprotect

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  mysetup.exe
- Size
  
  115.3MB
- MD5
  
  1c32da9a18b51af4ac59579322a8c5c7
- SHA1
  
  f09d16ee1822139e4bad3958bd46537c16552c30
- SHA256
  
  a6dc6c9350b5c01ab00c4241cf233f9d69910f1c431fb25e1fda63e463c64642
- SHA512
  
  62699c67e96808655cb3b20350e9b44fc8cb132c1153a3228a2a90c8be5dde445dc5113d7d765fda31e44c425d615b1622d497e1d54cb5890d7c402282081c57
Score

8^/10

discovery evasion upx vmprotect bootkit persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Modify Existing Service

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionupxvmprotect

behavioral2

discoveryupxvmprotect

behavioral3

bootkitdiscoverypersistenceupxvmprotect

© 2018-2024

Terms | Privacy