Overview

overview

8

Static

static

8

57c5a1a41a...17.exe

windows7_x64

8

57c5a1a41a...17.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    57c5a1a41a3e366f43cef2b6d31b4970b92fc04b92b32489994a1abeeea77417

  • Size

    1.1MB

  • Sample

    220524-wbpl9afggk

  • MD5

    e22f5c3e65784a5cab601d04ac66108a

  • SHA1

    e0d37a1d88520bf478e2799a04b119f83f53650f

  • SHA256

    57c5a1a41a3e366f43cef2b6d31b4970b92fc04b92b32489994a1abeeea77417

  • SHA512

    08977a8e85f306f31eac5a5dc45d2fe85f984c5f49c6866fe383d9ce86afba1dd837d7181f76d157893b7b1d89c9444a995de344984ede7141d9310003d03dee

Score
8/10
bootkitpersistenceupx

Malware Config

Targets

    • Target

      57c5a1a41a3e366f43cef2b6d31b4970b92fc04b92b32489994a1abeeea77417

    • Size

      1.1MB

    • MD5

      e22f5c3e65784a5cab601d04ac66108a

    • SHA1

      e0d37a1d88520bf478e2799a04b119f83f53650f

    • SHA256

      57c5a1a41a3e366f43cef2b6d31b4970b92fc04b92b32489994a1abeeea77417

    • SHA512

      08977a8e85f306f31eac5a5dc45d2fe85f984c5f49c6866fe383d9ce86afba1dd837d7181f76d157893b7b1d89c9444a995de344984ede7141d9310003d03dee

    Score
    8/10
    bootkitpersistenceupx

    • Downloads MZ/PE file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks