56c468b1e011978cc513c74e8191cd4279fe7b744c97b5c0f381caef43c30422 | Triage

Submit
Reports

Overview

overview

Static

static

56c468b1e0...22.exe

windows7-x64

56c468b1e0...22.exe

windows10-2004-x64

Sharing

General

Target

56c468b1e011978cc513c74e8191cd4279fe7b744c97b5c0f381caef43c30422
Size

266KB
Sample

220725-b6p62shham
MD5

685a2cb5212c9a5b9208fb41fbc98ac7
SHA1

f6d3c90573427a3e68f744f8e0ebada395525e25
SHA256

56c468b1e011978cc513c74e8191cd4279fe7b744c97b5c0f381caef43c30422
SHA512

33f8da6eb65810fe24611afef0f0e575e41e430645283bc59c69be0cd07ac3fafa3823ae468be0a98c40423e1baf851b2882f5c017bb879f30319b1bbdb6bf45

Score

10^/10

bootkit persistence suricata upx

Static task

static1

Behavioral task

behavioral1

Sample

56c468b1e011978cc513c74e8191cd4279fe7b744c97b5c0f381caef43c30422.exe

Resource

win7-20220718-en

bootkit persistence suricata upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

56c468b1e011978cc513c74e8191cd4279fe7b744c97b5c0f381caef43c30422.exe

Resource

win10v2004-20220721-en

bootkit persistence suricata upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  56c468b1e011978cc513c74e8191cd4279fe7b744c97b5c0f381caef43c30422
- Size
  
  266KB
- MD5
  
  685a2cb5212c9a5b9208fb41fbc98ac7
- SHA1
  
  f6d3c90573427a3e68f744f8e0ebada395525e25
- SHA256
  
  56c468b1e011978cc513c74e8191cd4279fe7b744c97b5c0f381caef43c30422
- SHA512
  
  33f8da6eb65810fe24611afef0f0e575e41e430645283bc59c69be0cd07ac3fafa3823ae468be0a98c40423e1baf851b2882f5c017bb879f30319b1bbdb6bf45
Score

10^/10

bootkit persistence suricata upx
- suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
  suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistencesuricataupx

behavioral2

bootkitpersistencesuricataupx

© 2018-2024

Terms | Privacy