96d76b78a568a67e70851821c036042e2fab663fb80c84c7beb119072b780c6e | Triage

Submit
Reports

Overview

overview

Static

static

96d76b78a5...6e.exe

windows7_x64

96d76b78a5...6e.exe

windows10-2004_x64

Sharing

General

Target

96d76b78a568a67e70851821c036042e2fab663fb80c84c7beb119072b780c6e
Size

1.6MB
Sample

220524-1wafaaddcj
MD5

10039640bf8e8bd1cf0617368bde251f
SHA1

0c59640e4744f4c20e606d9eac47b56f559eeae9
SHA256

96d76b78a568a67e70851821c036042e2fab663fb80c84c7beb119072b780c6e
SHA512

9576a66552a09a14f817f22dbb53e5b8b2270793af1de710e4d9df703818f7fa5b656b74ca5151d39ddecd9c00ea98733dc374953f7fed07437e8336fdeec711

Score

10^/10

bootkit evasion persistence suricata trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

96d76b78a568a67e70851821c036042e2fab663fb80c84c7beb119072b780c6e.exe

Resource

win7-20220414-en

bootkit evasion persistence suricata trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

96d76b78a568a67e70851821c036042e2fab663fb80c84c7beb119072b780c6e.exe

Resource

win10v2004-20220414-en

bootkit evasion persistence suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  96d76b78a568a67e70851821c036042e2fab663fb80c84c7beb119072b780c6e
- Size
  
  1.6MB
- MD5
  
  10039640bf8e8bd1cf0617368bde251f
- SHA1
  
  0c59640e4744f4c20e606d9eac47b56f559eeae9
- SHA256
  
  96d76b78a568a67e70851821c036042e2fab663fb80c84c7beb119072b780c6e
- SHA512
  
  9576a66552a09a14f817f22dbb53e5b8b2270793af1de710e4d9df703818f7fa5b656b74ca5151d39ddecd9c00ea98733dc374953f7fed07437e8336fdeec711
Score

10^/10

bootkit evasion persistence suricata trojan upx
- suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
  suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
  suricata
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitevasionpersistencesuricatatrojanupx

behavioral2

bootkitevasionpersistencesuricatatrojan

© 2018-2024

Terms | Privacy