Overview

overview

6

Static

static

7e601a2c00...9a.exe

windows7_x64

6

7e601a2c00...9a.exe

windows10-2004_x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7e601a2c0019e9d902c025e0333d28024dadceb5e602009801910d660bef589a

  • Size

    3.3MB

  • Sample

    220520-eavnfagch7

  • MD5

    c30179e55fcf60c959ffca431511cea5

  • SHA1

    a1e8c2386b5dd07b462ca63ab7d97814c5cdef1c

  • SHA256

    7e601a2c0019e9d902c025e0333d28024dadceb5e602009801910d660bef589a

  • SHA512

    64b15854b785512cb188dc4116d25845c09209680cca87643164852a799c0d3ef4bb7bcaedd6bf2d890da567e860c468316c68e4be05b21f52569c0d5904108c

Score
6/10
bootkitpersistence

Malware Config

Targets

    • Target

      7e601a2c0019e9d902c025e0333d28024dadceb5e602009801910d660bef589a

    • Size

      3.3MB

    • MD5

      c30179e55fcf60c959ffca431511cea5

    • SHA1

      a1e8c2386b5dd07b462ca63ab7d97814c5cdef1c

    • SHA256

      7e601a2c0019e9d902c025e0333d28024dadceb5e602009801910d660bef589a

    • SHA512

      64b15854b785512cb188dc4116d25845c09209680cca87643164852a799c0d3ef4bb7bcaedd6bf2d890da567e860c468316c68e4be05b21f52569c0d5904108c

    Score
    6/10
    bootkitpersistence

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks