82dde4857674bb0d4473d16c9d22ba8abb26766f49442256e3d0f4e44671cbe0 | Triage

Submit
Reports

Overview

overview

9

Static

static

82dde48576...e0.exe

windows7_x64

9

82dde48576...e0.exe

windows10-2004_x64

9

Sharing

General

Target

82dde4857674bb0d4473d16c9d22ba8abb26766f49442256e3d0f4e44671cbe0
Size

2.3MB
Sample

220524-a1tfvaadg2
MD5

821690d3cbd6113cffc72bb6a037e616
SHA1

d189e863f5925b62687600332335e85fdb49b4fe
SHA256

82dde4857674bb0d4473d16c9d22ba8abb26766f49442256e3d0f4e44671cbe0
SHA512

bade0089307cc9da432807f394ec644d14fd1f8b4d25ec9c2b18476b3816dd4270bf287536621908db5212821d7e3003e825447de106617fc520852b91f6b254

Score

9^/10

bootkit discovery persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

82dde4857674bb0d4473d16c9d22ba8abb26766f49442256e3d0f4e44671cbe0.exe

Resource

win7-20220414-en

bootkit persistence upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

82dde4857674bb0d4473d16c9d22ba8abb26766f49442256e3d0f4e44671cbe0.exe

Resource

win10v2004-20220414-en

bootkit discovery persistence upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  82dde4857674bb0d4473d16c9d22ba8abb26766f49442256e3d0f4e44671cbe0
- Size
  
  2.3MB
- MD5
  
  821690d3cbd6113cffc72bb6a037e616
- SHA1
  
  d189e863f5925b62687600332335e85fdb49b4fe
- SHA256
  
  82dde4857674bb0d4473d16c9d22ba8abb26766f49442256e3d0f4e44671cbe0
- SHA512
  
  bade0089307cc9da432807f394ec644d14fd1f8b4d25ec9c2b18476b3816dd4270bf287536621908db5212821d7e3003e825447de106617fc520852b91f6b254
Score

9^/10

bootkit persistence upx discovery
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistenceupx

behavioral2

bootkitdiscoverypersistenceupx

© 2018-2024

Terms | Privacy