96d76b78a568a67e70851821c036042e2fab663fb80c84c7beb119072b780c6e | Triage

Submit
Reports

Overview

overview

Static

static

96d76b78a5...6e.exe

windows7_x64

96d76b78a5...6e.exe

windows10-2004_x64

Sharing

General

Target

96d76b78a568a67e70851821c036042e2fab663fb80c84c7beb119072b780c6e
Size

1.6MB
Sample

220524-1wafaaddcj
MD5

10039640bf8e8bd1cf0617368bde251f
SHA1

0c59640e4744f4c20e606d9eac47b56f559eeae9
SHA256

96d76b78a568a67e70851821c036042e2fab663fb80c84c7beb119072b780c6e
SHA512

9576a66552a09a14f817f22dbb53e5b8b2270793af1de710e4d9df703818f7fa5b656b74ca5151d39ddecd9c00ea98733dc374953f7fed07437e8336fdeec711

Score

10^/10

bootkit evasion persistence suricata trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

96d76b78a568a67e70851821c036042e2fab663fb80c84c7beb119072b780c6e.exe

Resource

win7-20220414-en

bootkit evasion persistence suricata trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

96d76b78a568a67e70851821c036042e2fab663fb80c84c7beb119072b780c6e.exe

Resource

win10v2004-20220414-en

bootkit evasion persistence suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  96d76b78a568a67e70851821c036042e2fab663fb80c84c7beb119072b780c6e
- Size
  
  1.6MB
- MD5
  
  10039640bf8e8bd1cf0617368bde251f
- SHA1
  
  0c59640e4744f4c20e606d9eac47b56f559eeae9
- SHA256
  
  96d76b78a568a67e70851821c036042e2fab663fb80c84c7beb119072b780c6e
- SHA512
  
  9576a66552a09a14f817f22dbb53e5b8b2270793af1de710e4d9df703818f7fa5b656b74ca5151d39ddecd9c00ea98733dc374953f7fed07437e8336fdeec711
Score

10^/10

bootkit evasion persistence suricata trojan upx
- suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
  suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
  suricata
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistencesuricatatrojanupx

behavioral2

bootkitevasionpersistencesuricatatrojan

© 2018-2024

Terms | Privacy