Overview

overview

8

Static

static

grldrinst.exe

windows7_x64

1

grldrinst.exe

windows10-2004_x64

1

grubinstGui2.exe

windows7_x64

8

grubinstGui2.exe

windows10-2004_x64

8

msvbvm60.dll

windows7_x64

1

msvbvm60.dll

windows10-2004_x64

1

mtldrinst.exe

windows7_x64

1

mtldrinst.exe

windows10-2004_x64

1

myvolume.dll

windows7_x64

3

myvolume.dll

windows10-2004_x64

3

下载说明.htm

windows7_x64

1

下载说明.htm

windows10-2004_x64

1

使用帮...).url

windows7_x64

1

使用帮...).url

windows10-2004_x64

1

欢迎来...t2.doc

windows7_x64

4

欢迎来...t2.doc

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6aa5d04137f934fe59dce47a1d51b1c6affc4298ddc5e44b6630e39a4552b2ae

  • Size

    880KB

  • Sample

    220520-e437nscgfk

  • MD5

    186993c6317b7e8f43df4dfb007a0eeb

  • SHA1

    1c206ed99ec61e6d45700b33929789bc15a8c45f

  • SHA256

    6aa5d04137f934fe59dce47a1d51b1c6affc4298ddc5e44b6630e39a4552b2ae

  • SHA512

    70873a073681bc163421dd4f70ddab0d2e1e6c97a6ab05a06a636bf1ff961809264b1ef722f39c85f2dfa13e38567e087a0a0ae44a4b9377676e37c3348324cd

Score
8/10
bootkitpersistence

Malware Config

Targets

    • Target

      grldrinst.exe

    • Size

      34KB

    • MD5

      492e2b7d6d688c33ee6c4ee6a1abf298

    • SHA1

      9737c2758960c541c24756d44204409b5d43cf01

    • SHA256

      e99e7db52c4e7431dda2b61074ec46b623e49a0eaeb2b789c27080b35b67c9e3

    • SHA512

      c887238bd35d80dc11ca9d877df1f0cd3efa01b65cbf32b0c51f891127d93d1a28a4d256a4d68fac67d05a624c70ae98fda7929b11429af6718012879807292a

    Score
    1/10
    behavioral1behavioral2

    • Target

      grubinstGui2.exe

    • Size

      216KB

    • MD5

      3b23e12bff983d52dbca22c700e9338a

    • SHA1

      52dcde5bc8934ab70b76a21f6a559626129834c6

    • SHA256

      974a20e3681cbedd1674c4fadacf1481e6e7f1985f69589caf37313464fa1a19

    • SHA512

      991fd833b1a3363680fa35cf709c39a9bce426d6e6e0d0453b7fe263a5b0f2174f9eacdc8e03d468c6001e2b25f4eb1a27b391fcb05ad0237d6cab6397740426

    Score
    8/10
    bootkitpersistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral3behavioral4

    • Target

      msvbvm60.dll

    • Size

      1.3MB

    • MD5

      5343a19c618bc515ceb1695586c6c137

    • SHA1

      4dedae8cbde066f31c8e6b52c0baa3f8b1117742

    • SHA256

      2246b4feae199408ea66d4a90c1589026f4a5800ce5a28e583b94506a8a73dce

    • SHA512

      708d8a252a167fa94e3e1a49e2630d07613ff75a9a3e779a0c1fcbec44aa853a68c401f31a2b84152f46a05f7d93f4e5e502afc7a60236a22ac58dea73fa5606

    Score
    1/10
    behavioral5behavioral6

    • Target

      mtldrinst.exe

    • Size

      45KB

    • MD5

      a1d33b80e8d5b80ed549811fd3070018

    • SHA1

      1967be963184532df6af0a126d26c6a9798a4ad6

    • SHA256

      fbc13115ccac312a521570df7818518ec3cc1c7f6d17dd98a44f17c96236c219

    • SHA512

      d9c9c6172d0804617abadab4bd3b50839baef013f8536b38d292345d9f07526d79ac7311a2b9c15a44fbb220b31282f857b97a1988e79f5878f9deeded322514

    Score
    1/10
    behavioral7behavioral8

    • Target

      myvolume.dll

    • Size

      112KB

    • MD5

      ecacbb02d6a0612d0a2a785d74bab56f

    • SHA1

      9656999b984e139aa8c6d9e30c9502cbf23b7989

    • SHA256

      96006ab170cc690af5ce388e94c44cbb076cdfff3acd274383c6f13738b4b2b7

    • SHA512

      0a68fad847639ff7114b82fd66f4c34c3a27ba1539baf4e6a7878a61a70258ea602baa56c53ba16a73682f8d8160abb2be6d1e7dc07a739d3bc7b8972515a68c

    Score
    3/10
    behavioral9behavioral10

    • Target

      下载说明.htm

    • Size

      3KB

    • MD5

      9bd1ac9ead8eda95e8284f12ddba89e2

    • SHA1

      44ad2b426711da0bc122d500b9117808385bd406

    • SHA256

      54198ae94a082537ca82686954de11084ebb050917b65871fe1639c2c1a308b8

    • SHA512

      e94611639a7396705f684055fa762db261bbaffb2d7b459b1fddbd44d25358b3bb3111ae84a8bc444388f26908193fbfa79c232570f52a38f1c49fb57b322850

    Score
    1/10
    behavioral11behavioral12

    • Target

      使用帮助(河东软件园).url

    • Size

      216B

    • MD5

      6a29fdd9a578559f631bd0c0919539f2

    • SHA1

      7ba1e243d907b6893f798dbd6169ee057e4845e9

    • SHA256

      6592450b9c9233d6d1a751020b3514bd20512d1224983c774e633ab2dee7b2c9

    • SHA512

      6eee5fe42d1105523e0555ba90f6a98237293983238a80342a62bb7dc1cb1a5b00081a447ae3a0d36f67ace197f288315f816f6da9ea27457753efb625793cc1

    Score
    1/10
    behavioral13behavioral14

    • Target

      欢迎来到 grubinst2.doc

    • Size

      206KB

    • MD5

      eca075bb637f2228ecf911b2d10eeb33

    • SHA1

      eada267873cfdde7d14e92794ed22e95bb543a4d

    • SHA256

      d39eb615c760f9dba0c642e8466c1eb70b40c48965303be3f881a3edd1d6facd

    • SHA512

      91a4421e9c909ca6c95fa081efc8865adcb7a868bede910af695150b16b79a77526754498cf635af256d8c8c31da09c2cba10b26e480728a39933244dcf86b13

    Score
    4/10
    behavioral15behavioral16

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks