Overview

overview

8

Static

static

8

8c74301958...8a.exe

windows7-x64

8

8c74301958...8a.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8c74301958efa55405dd2e95c7ad6d8a

  • Size

    5.6MB

  • Sample

    220802-z42dascgfp

  • MD5

    8c74301958efa55405dd2e95c7ad6d8a

  • SHA1

    ff478544d305b4c7ba251653ffcc42bbd4e7e4f6

  • SHA256

    097c0e0cf4be0ee548390d1e6f8630b45f12e8edd3611934cca334cd77efea5c

  • SHA512

    59e999e46d5d1e458b506e52a18c3042281e26510aeb2133ca7cb16d410a98c26b2884437b507a06775b09c86eb48c3c52c34bd0ba2e39838eb0b02f2cad2262

Score
8/10
bootkitpersistencevmprotect

Malware Config

Targets

    • Target

      8c74301958efa55405dd2e95c7ad6d8a

    • Size

      5.6MB

    • MD5

      8c74301958efa55405dd2e95c7ad6d8a

    • SHA1

      ff478544d305b4c7ba251653ffcc42bbd4e7e4f6

    • SHA256

      097c0e0cf4be0ee548390d1e6f8630b45f12e8edd3611934cca334cd77efea5c

    • SHA512

      59e999e46d5d1e458b506e52a18c3042281e26510aeb2133ca7cb16d410a98c26b2884437b507a06775b09c86eb48c3c52c34bd0ba2e39838eb0b02f2cad2262

    Score
    8/10
    bootkitpersistencevmprotect

    • Downloads MZ/PE file

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks