558fbd26ccbafc05c9a2b070abba157dd69b0d212b821149b056a7b98644cbad | Triage

Submit
Reports

Overview

overview

8

Static

static

sample

windows7-x64

8

sample

windows10-1703-x64

8

sample

windows10-2004-x64

8

Sharing

General

Target

sample
Size

1KB
Sample

220907-tqrztahgfn
MD5

563ffac3b2c4488ecd24e81c655ad397
SHA1

28eca35a7ebee2f546b35fff21dfe5e96923a36f
SHA256

558fbd26ccbafc05c9a2b070abba157dd69b0d212b821149b056a7b98644cbad
SHA512

7e969a85fbf142c82961669e31e70f1029126c879602665ae2cd10a487893e4fa0207ea1d1c6ebe360ebadf0b44f834fcaa69de78a076e7edd97b20f0e550fc5

Score

8^/10

bootkit discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

sample

Resource

win7-20220812-en

windows7-x64

7 signatures

1800 seconds

Behavioral task

behavioral2

Sample

sample

Resource

win10-20220901-en

bootkit discovery persistence spyware stealer

windows10-1703-x64

30 signatures

1800 seconds

Behavioral task

behavioral3

Sample

sample

Resource

win10v2004-20220812-en

bootkit discovery persistence spyware stealer

windows10-2004-x64

30 signatures

1800 seconds

Malware Config

Targets

- Target
  
  sample
- Size
  
  1KB
- MD5
  
  563ffac3b2c4488ecd24e81c655ad397
- SHA1
  
  28eca35a7ebee2f546b35fff21dfe5e96923a36f
- SHA256
  
  558fbd26ccbafc05c9a2b070abba157dd69b0d212b821149b056a7b98644cbad
- SHA512
  
  7e969a85fbf142c82961669e31e70f1029126c879602665ae2cd10a487893e4fa0207ea1d1c6ebe360ebadf0b44f834fcaa69de78a076e7edd97b20f0e550fc5
Score

8^/10

bootkit discovery persistence spyware stealer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops desktop.ini file(s)
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Bootkit

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bootkitdiscoverypersistencespywarestealer

behavioral3

bootkitdiscoverypersistencespywarestealer

© 2018-2025

Terms | Privacy