Resubmissions

10 September 2022, 21:30

220910-1cln7safe9 8

General

  • Target

    360safe_cq.malware

  • Size

    2.5MB

  • Sample

    220910-1cln7safe9

  • MD5

    4870239f217b1fb7194eb05e70f1bd5c

  • SHA1

    8a51cb7113c4ad7b391edc6194c58e2ceab4d5fa

  • SHA256

    b461bd262778834af7e326f1c5cc4fe5fd134a2b1ba32332d4a5dcc4386eb595

  • SHA512

    df80d4dc6837b957be0a953744df279ec1baffcb82fa9300daade2ee4d1cacef77fd24380505033034049e836ebb7c4abfc5ffc4994908a07615b35ddc5b8c52

  • SSDEEP

    49152:jxwpiJmTgXkuvib1TogsPuqU4b6KzxzYe0:1JggXkuvv3U4u6xzYf

Malware Config

Targets

    • Target

      360safe_cq.malware

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Detected potential entity reuse from brand Google.
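
The four behavioural signatures above (unexpected DNS destination, Uninstall-key enumeration, AV-key lookups, MBR write) can each be expressed as a rule over sandbox telemetry. The script below is an added example written for this page, not Triage's own signature code: the event records are constructed to resemble sandbox output, and the field names (`type`, `op`, `key`, `path`, `offset`, `length`, `dst`, `dport`), the configured-resolver address and the list of AV registry paths are all assumptions for the example.

```python
"""Rule logic for four of the behaviours in the report above, written as an added
example (not Triage's own signature code).  Events are constructed here to look
like sandbox telemetry: one dict per observed action, with key names that are
assumptions for this example."""
from __future__ import annotations

# Resolver the analysis VM is configured to use (assumed value for the example).
CONFIGURED_DNS = {"10.0.0.2"}

# Registry locations the "installed software" / "installed AV" rules key on.
UNINSTALL_KEY = r"software\microsoft\windows\currentversion\uninstall"
AV_KEY_MARKERS = (                      # assumed vendor key paths
    r"software\360safe",
    r"software\kasperskylab",
    r"software\eset",
    r"software\avast software",
    r"software\microsoft\windows defender",
)


def unexpected_dns_destination(ev: dict, configured: set[str] = CONFIGURED_DNS) -> bool:
    """Traffic on the DNS port to a host that is not a configured resolver."""
    return (ev.get("type") == "network"
            and ev.get("dport") == 53
            and ev.get("dst") not in configured)


def enumerates_installed_software(ev: dict) -> bool:
    """Opens or enumerates the Uninstall key, where installed products register."""
    return (ev.get("type") == "registry"
            and ev.get("op") in {"open", "enum", "query"}
            and UNINSTALL_KEY in ev.get("key", "").lower())


def checks_av_in_registry(ev: dict) -> bool:
    """Touches a registry key that belongs to a known AV product."""
    key = ev.get("key", "").lower()
    return ev.get("type") == "registry" and any(m in key for m in AV_KEY_MARKERS)


def writes_mbr(ev: dict) -> bool:
    """Raw write covering sector 0 of a physical disk.  The MBR is the first
    512 bytes of \\.\PhysicalDriveN, so a write at offset 0 of at least one
    sector is the tell-tale.  Disk utilities do this too, so treat it as a
    strong indicator rather than proof of a bootkit."""
    path = ev.get("path", "").lower()
    return (ev.get("type") == "file"
            and ev.get("op") == "write"
            and path.startswith(r"\\.\physicaldrive")
            and ev.get("offset", -1) == 0
            and ev.get("length", 0) >= 512)


# Rule names mirror the signature names used in the report.
RULES = {
    "Unexpected DNS network traffic destination": unexpected_dns_destination,
    "Checks installed software on the system": enumerates_installed_software,
    "Checks for any installed AV software in registry": checks_av_in_registry,
    "Writes to the Master Boot Record (MBR)": writes_mbr,
}


def triage(events: list[dict]) -> dict[str, list[dict]]:
    """Run every rule over every event; return {signature name: matching events}."""
    hits: dict[str, list[dict]] = {}
    for ev in events:
        for name, rule in RULES.items():
            if rule(ev):
                hits.setdefault(name, []).append(ev)
    return hits


# Constructed telemetry for one run; not taken from the real report.
SAMPLE_EVENTS = [
    {"type": "network", "proto": "udp", "dst": "10.0.0.2", "dport": 53},     # normal lookup
    {"type": "network", "proto": "udp", "dst": "203.0.113.9", "dport": 53},  # rogue resolver
    {"type": "network", "proto": "tcp", "dst": "203.0.113.9", "dport": 443},
    {"type": "registry", "op": "enum",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"type": "registry", "op": "open", "key": r"HKLM\SOFTWARE\360Safe"},
    {"type": "registry", "op": "query",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"type": "file", "op": "write", "path": r"\\.\PhysicalDrive0", "offset": 0, "length": 512},
    {"type": "file", "op": "write", "path": r"C:\Users\Public\dropped.exe", "offset": 0, "length": 4096},
]

if __name__ == "__main__":
    for name, evs in triage(SAMPLE_EVENTS).items():
        print(f"{name}: {len(evs)} event(s)")
```

Two caveats a practitioner should keep in mind when reading these hits: the DNS rule only sees plain port-53 traffic, so DNS over HTTPS or TLS to a third-party resolver will not trigger it, and the MBR rule fires on any sector-0 write, which is why the report itself phrases that signature as bootkit behaviour rather than as a verdict.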

MITRE ATT&CK Enterprise v6

Tasks