General

  • Target: 434418d5340303195e208d73a3c0d7584a6348b63a46c3ed057b019a70a9bef1
  • Size: 12.3MB
  • Sample: 220520-p6ay1sceg4
  • MD5: 44bc8347e5d0d7d551de3a3403a9cc40
  • SHA1: d00a3d4148ec4c3d53212445f6060fd3f49a70e0
  • SHA256: 434418d5340303195e208d73a3c0d7584a6348b63a46c3ed057b019a70a9bef1
  • SHA512: 07170d6330d2f58670cb1d4caa800f4055b25b0983df2e9c6a93a0981dcd128fa60f0c6bf68492db86da6d6faeab18b959df4794012a4ad92975334de2b4a0c6

Malware Config

Targets

    • Target: revslider/up.php
    • Size: 499B
    • MD5: b2218e2189a210da081b495850a908a7
    • SHA1: a24ae81090aeb43807d13a54426b76a65aeefcd0
    • SHA256: 7471b132c955e08f7072d9a3f5676b4642e33d14837aac9412e3e265f4baf37b
    • SHA512: 9f0fbdea091e03633f489bd9ede5b70aa30758a52364cb586d78f82e62f98637c23d59759718a66bb95ae4be06fd938f521b3ada6b68cf0b480d6972aa0c244a
    • Score: 1/10

    • Target: Tools/Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ].exe
    • Size: 5.0MB
    • MD5: 984e28e70d1000272a2ab61e34d12d6e
    • SHA1: 35f4fa8d9e8779504300aa449b862ff119ceee49
    • SHA256: bfea6b1ba80a8b663c54dba0aa6e45ad3a4e8ff005a82adfed88aab78b2ffb85
    • SHA512: 2f22420c2d697932337ac990afccbfbb0bc6b9946845b6eac8ec8ed88e3150ccde211b3b10fe78747683540d6f4696b36545a324c3d55cf56873623530c55c8b
    • Executes dropped EXE
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.
    • VMProtect packed file
      Detects executables packed with VMProtect commercial packer.
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
      Bootkits write to the MBR to gain persistence at a level below the operating system.
    • Drops file in System32 directory
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target: Tools/dbkiss.php
    • Size: 147KB
    • MD5: 94aaed9bb1f5ce18e6dc2f3ac1ea89ee
    • SHA1: 8dd41e80a0920ff6feed4fbf98a6aac47afc25a6
    • SHA256: 71c6768fc20fc36b95f84af22cbfb9d6297fe89e0b3b0aeabdddce51fbfc7488
    • SHA512: 540cfdd49c8a4c44355854a9ca7e1e268423bd11539c5dc2783bf158b183f93da566c3be71639657dcb41db4582be41beec735fe88e5b5d8deafc12de2c483a4
    • Score: 1/10

    • Target: Tools/index.html
    • Size: 216B
    • MD5: 10a144bb507a2c13d57bcdfcce1afdff
    • SHA1: 4204bed987a394859d55745066599beff45dbbcc
    • SHA256: 715e50a3b287803f794e50357b51ff4d716da983ba312971d48d7d0471679e58
    • SHA512: 0b21345b1989421c4869caa4d82e305181ab8326c335533c158814ce459b0bc5186b39eb472a87b0afa928e4f2f759211cb300c3c39f50fa848dc878d389d859
    • Score: 1/10

    • Target: Tools/jce/MSINET.OCX
    • Size: 170KB
    • MD5: 07f7242c593fd99e8589600bb2691cd3
    • SHA1: e655e586c4606373831bb81fb2dc391799cfb942
    • SHA256: 2c29130e637aac9b2ea53544a3194d1e637e8a37ead769f0737afae60b52785b
    • SHA512: 2868d70b93afb81bc8584d8d1ae8310a9d4c877981ce0042b3f43f4684e321fef40bf45f0cf01302a548aa713ee63ad6d39a54f4c65a0a04722d2e58a579e9f9
    • Score: 1/10

    • Target: Tools/leafmailer.php
    • Size: 144KB
    • MD5: 9caecb84363b93c0a394bd2ab7df891e
    • SHA1: 88b7943773cd186f7022a58af10fe464c21d9e42
    • SHA256: 8ecccb3fc959a9c257adf776488dd8b91c8626f97260a315fdb9f5cb914e7eb5
    • SHA512: 774789a757be3c1b1797232304e6e04e175d2c44aeb05e297d6cb9d3595bceae708898712cf99dc15a6a904a72813ccad28dafc55a81d86f8630c664ac567135
    • Score: 1/10

    • Target: Tools/letter.html
    • Size: 17KB
    • MD5: d688c0ef5dc5f9ab902ce5fd964e8de0
    • SHA1: eb4312bab5410c176bedf5b6a1ac6346eedb7201
    • SHA256: bff78a0395db26fe4218c03c60b0e6b86816e92ec939c3e8a7726a689c699bb9
    • SHA512: d31ea2dc713e2afc66a03a1b6c5db3eac30a557bed0416d1e2ea5ef93dcd76081612a7abb182ff2e3300acf41f48184a6a5a3518f8db64112471c15eab162bff
    • Score: 1/10

    • Target: Tools/lol.py
    • Size: 1KB
    • MD5: 09671677c4239c1a08891d57a0203c3a
    • SHA1: 95cd61b8721cdae7a61190882a546c630a23cdad
    • SHA256: c5edfecca82fc5a0d9ae9052402d625689ec04796052b94d3faa42585b01f75d
    • SHA512: 68505892cada436168e55e0edc71d1c859c8d3545cd54cd28762fb37161745d270668f1e049d4aac78c5e0ca87a30a4c368eefcb610e83272ec0bfadc23425ab
    • Score: 1/10

    • Target: Tools/sqlmap/doc/FAQ.pdf
    • Size: 304KB
    • MD5: 49c4b1884e95860c331e39e6fdf1a522
    • SHA1: d1de0070816bdcecb4681f1ac6910fec87c5e5bc
    • SHA256: da0f7469664ceb99267b7e37314217494dbd4ca142d67e234f43c6cfa3686054
    • SHA512: 1a665a0cf9b2386bab46c6d6f1fd2ff2581ad05e28503a036d053d4d76d82daf89921a5091fe6c8a4447d47bc81a8403b42abb27281e959196262c2ca1afa6c8
    • Score: 1/10

    • Target: Tools/sqlmap/doc/README.pdf
    • Size: 482KB
    • MD5: 5755dce255abb114e6d626d9b30e0fa4
    • SHA1: af5ce62bfcff9a88b20be403e22b24aac40f3f5f
    • SHA256: 41356dbd3899b8de9f9b0bff176a17a0c6b9e89409ff390fbaf7eba4d9f175bb
    • SHA512: e2e9d9b1280ebf0365b1b2fc4efd7036e18b6113527ceea4b3ad4e26f74683111be8965f1e1a119634bc1668c7548c322c6998bb06effc640300812e837549fb
    • Score: 1/10

    • Target: Tools/sqlmap/extra/__init__.py
    • Size: 150B
    • MD5: cc9c82cfffd8ee9b25ba3af6284f057e
    • SHA1: e2d0459aac0f7c653f62ea7e6175b32dabd37581
    • SHA256: b5b0a56179f4dfe84e20785c18987e7f53b8a41efda17e3b274c416662c9443e
    • SHA512: e401dbcf2d330ecc145a88b8de96df878faa45a3b6ddd9b0115107d1f6b5681e17fd0d432b1e4f4112bc3a3098c3698d2061107c0d23ad9cc218cd3970512fee
    • Score: 1/10

    • Target: Tools/sqlmap/extra/beep/__init__.py
    • Size: 150B
    • MD5: cc9c82cfffd8ee9b25ba3af6284f057e
    • SHA1: e2d0459aac0f7c653f62ea7e6175b32dabd37581
    • SHA256: b5b0a56179f4dfe84e20785c18987e7f53b8a41efda17e3b274c416662c9443e
    • SHA512: e401dbcf2d330ecc145a88b8de96df878faa45a3b6ddd9b0115107d1f6b5681e17fd0d432b1e4f4112bc3a3098c3698d2061107c0d23ad9cc218cd3970512fee
    • Score: 1/10

    • Target: Tools/sqlmap/extra/beep/beep.py
    • Size: 2KB
    • MD5: c981335b0035fe8d5667d1c952e641e4
    • SHA1: 21d8e3f53cd076bd732d393ab83374a3ad095e02
    • SHA256: 5df18eee028e1d89700f7a243a88112e3809739c8710ec0c3a5a0c5aa8b8ffa3
    • SHA512: ae7b0c1e16edb1c0a6801e74d7d60f313cb01c9d33527b6f3901b37760fd96832bfdc5dd48dbb14ce1e7b807f17ca72e2b9f4761c3428748d5d7598315f61aa1
    • Score: 1/10

MITRE ATT&CK Matrix ATT&CK v6

Persistence
  • Bootkit: 1 (T1067)

Defense Evasion
  • Modify Registry: 6 (T1112)

Discovery
  • Query Registry: 2 (T1012)
  • System Information Discovery: 2 (T1082)

Tasks

  • static1: Score N/A
  • behavioral1: Score 1/10
  • behavioral2: Score 1/10
  • behavioral3: bootkit, persistence, upx, vmprotect; Score 8/10
  • behavioral4: bootkit, persistence, upx, vmprotect; Score 8/10
  • behavioral5: Score 1/10
  • behavioral6: Score 1/10
  • behavioral7: Score 1/10
  • behavioral8: Score 1/10
  • behavioral9: Score 1/10
  • behavioral10: Score 1/10
  • behavioral11: Score 1/10
  • behavioral12: Score 1/10
  • behavioral13: Score 1/10
  • behavioral14: Score 1/10
  • behavioral15: Score 1/10
  • behavioral16: Score 1/10
  • behavioral17: Score 1/10
  • behavioral18: Score 1/10
  • behavioral19: Score 1/10
  • behavioral20: Score 1/10
  • behavioral21: Score 1/10
  • behavioral22: Score 1/10
  • behavioral23: Score 1/10
  • behavioral24: Score 1/10
  • behavioral25: Score 1/10
  • behavioral26: Score 1/10
  • behavioral27: Score 1/10
  • behavioral28: Score 1/10
  • behavioral29: Score 1/10
  • behavioral30: Score 1/10
  • behavioral31: Score 1/10
  • behavioral32: Score 1/10