Overview

overview

8

Static

static

theHunter ...er.exe

windows7_x64

8

theHunter ...er.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9026f8300c35cbc1294e290cedfd94dab0d4fc29db03bc21bbf0d3814ec2ff66

  • Size

    6.0MB

  • Sample

    220520-fk77ysdffm

  • MD5

    b1e554968c8757ea800b6d6c622c6a07

  • SHA1

    68e0387afd3a905f893549560220e76f4e3eebbd

  • SHA256

    9026f8300c35cbc1294e290cedfd94dab0d4fc29db03bc21bbf0d3814ec2ff66

  • SHA512

    06cd6b6e03d5036346b250b8d48cd9de57cffbea79cc86441fddc4c2114c824debf2cbe5b1cdf9e13490295f0fac67aff0e237a11e4653ab7d0065e6689ebccf

Score
8/10
bootkitpersistence

Malware Config

Targets

    • Target

      theHunter Call of the Wild v1.0-v1.21 Plus +13 Trainer.exe

    • Size

      6.1MB

    • MD5

      910e90ff062405be912274a4d7220319

    • SHA1

      17b2b28b0dcefa014bc91da00909740e73b8e6c6

    • SHA256

      3911090c49c42ddc26c497467f1509e5bf09f33a2b8ecf922e87c1dcb30567a1

    • SHA512

      91e9402b5f21dc3a726afb73c40da0c21b53da3b195591a74242c232626dd3d905e9f51e6f7bab3f06fea30464cf1e7cbc264ea77e0923e59f4c5c0291fabe6e

    Score
    8/10
    bootkitpersistence

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks