Overview

overview

8

Static

static

8

888e0940fb...04.exe

windows7_x64

8

888e0940fb...04.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    888e0940fba3c3c8a3d85d1b9bc21583ee01d8b2879d88b2a5596a22f4c20704

  • Size

    1.5MB

  • Sample

    220521-awxmpsdhcq

  • MD5

    d06994d9a3382a107e18b6d3e7ec9e5a

  • SHA1

    d3d8485f3b38c1f4618268aafe536ec55f973b1e

  • SHA256

    888e0940fba3c3c8a3d85d1b9bc21583ee01d8b2879d88b2a5596a22f4c20704

  • SHA512

    e6895e662bd51754783dd37dcd02524b1b603392953bfde984e86ee8e8a731f7940de6d7746616751d3595c854a9c53d60ffe784acf48764624074c6c1b0703a

Score
8/10
bootkitpersistenceupx

Malware Config

Targets

    • Target

      888e0940fba3c3c8a3d85d1b9bc21583ee01d8b2879d88b2a5596a22f4c20704

    • Size

      1.5MB

    • MD5

      d06994d9a3382a107e18b6d3e7ec9e5a

    • SHA1

      d3d8485f3b38c1f4618268aafe536ec55f973b1e

    • SHA256

      888e0940fba3c3c8a3d85d1b9bc21583ee01d8b2879d88b2a5596a22f4c20704

    • SHA512

      e6895e662bd51754783dd37dcd02524b1b603392953bfde984e86ee8e8a731f7940de6d7746616751d3595c854a9c53d60ffe784acf48764624074c6c1b0703a

    Score
    8/10
    bootkitpersistenceupx

    • Downloads MZ/PE file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks