aeba954a9b3afa58807aad0b266745c8bad637ac2cfedf3cfb4f11745ad85fea | Triage

Submit
Reports

Overview

overview

Static

static

8

aeba954a9b...ea.exe

windows7_x64

aeba954a9b...ea.exe

windows10-2004_x64

1

Sharing

General

Target

aeba954a9b3afa58807aad0b266745c8bad637ac2cfedf3cfb4f11745ad85fea
Size

1008KB
Sample

220520-emr33shah3
MD5

8d17b6f739b852720928542609534f25
SHA1

ba078a4a2adc7766e94d36b53c2d1082b4e21be3
SHA256

aeba954a9b3afa58807aad0b266745c8bad637ac2cfedf3cfb4f11745ad85fea
SHA512

74cdb18a02f0d31051d1b598677a364106a1d0d07ba5db6dd4a019dc6af9df919307eb9a9c8be8c4945adf3cf458b07b501ce7c63fc396fb9a04b3ff3104607b

Score

10^/10

bootkit discovery persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

aeba954a9b3afa58807aad0b266745c8bad637ac2cfedf3cfb4f11745ad85fea.exe

Resource

win7-20220414-en

bootkit discovery persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

aeba954a9b3afa58807aad0b266745c8bad637ac2cfedf3cfb4f11745ad85fea.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  aeba954a9b3afa58807aad0b266745c8bad637ac2cfedf3cfb4f11745ad85fea
- Size
  
  1008KB
- MD5
  
  8d17b6f739b852720928542609534f25
- SHA1
  
  ba078a4a2adc7766e94d36b53c2d1082b4e21be3
- SHA256
  
  aeba954a9b3afa58807aad0b266745c8bad637ac2cfedf3cfb4f11745ad85fea
- SHA512
  
  74cdb18a02f0d31051d1b598677a364106a1d0d07ba5db6dd4a019dc6af9df919307eb9a9c8be8c4945adf3cf458b07b501ce7c63fc396fb9a04b3ff3104607b
Score

10^/10

bootkit discovery persistence
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

© 2018-2024

Terms | Privacy