b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784 | Triage

Submit
Reports

Overview

overview

Static

static

b615e08503...84.exe

windows7_x64

b615e08503...84.exe

windows10-2004_x64

Sharing

General

Target

b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784
Size

1.6MB
Sample

220525-appzaaggel
MD5

bf60b20442eb074a2b0b0b9f410aa40b
SHA1

679f886dc3613225c9238eb36669402f60f1ae85
SHA256

b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784
SHA512

81e669cfb677b25116d45b4f0e6341c611a3d56ee46cd019d6e5d8ef9daaf1f4cfeb0e4997032128b1af99ef93f9b81f4cd0026e5a11fdab5d73e4d98801c8b5

Score

10^/10

bootkit evasion persistence suricata trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe

Resource

win7-20220414-en

bootkit evasion persistence suricata trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe

Resource

win10v2004-20220414-en

bootkit evasion persistence suricata trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784
- Size
  
  1.6MB
- MD5
  
  bf60b20442eb074a2b0b0b9f410aa40b
- SHA1
  
  679f886dc3613225c9238eb36669402f60f1ae85
- SHA256
  
  b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784
- SHA512
  
  81e669cfb677b25116d45b4f0e6341c611a3d56ee46cd019d6e5d8ef9daaf1f4cfeb0e4997032128b1af99ef93f9b81f4cd0026e5a11fdab5d73e4d98801c8b5
Score

10^/10

bootkit evasion persistence suricata trojan upx
- suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
  suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
  suricata
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Downloads MZ/PE file
- Drops file in Drivers directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistencesuricatatrojanupx

behavioral2

bootkitevasionpersistencesuricatatrojanupx

© 2018-2024

Terms | Privacy