36809dfa4186e7b711c733b31f71aeeb315d5b3df82d836f42e7901b9d59767f | Triage

Submit
Reports

Overview

overview

8

Static

static

8

36809dfa41...7f.exe

windows7-x64

8

36809dfa41...7f.exe

windows10-2004-x64

8

Sharing

General

Target

36809dfa4186e7b711c733b31f71aeeb315d5b3df82d836f42e7901b9d59767f
Size

4.5MB
Sample

221002-26tscagbdj
MD5

05aaa239c3a46f86dd41e2fcb9a6b6c9
SHA1

0b18a083e0c9ba7475033171fa3736f7de9222d2
SHA256

36809dfa4186e7b711c733b31f71aeeb315d5b3df82d836f42e7901b9d59767f
SHA512

523c7c361d4d5c53e611cb093c7440bdc577d4d18886de1ce330bcd27c9ae4c5ff9312d9a657cbc6e0ccba7c628844371fba6df4e0765b16527ee1ece937eaaa
SSDEEP

98304:OijWI3YTO16YlzR+CAB2ibiLAyhS/Af3dsFTYoRHQecigfxRcKHIY:Oij1oi4YZ5ABLboxhYI3deTYmlYxRRN

Score

8^/10

bootkit persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

36809dfa4186e7b711c733b31f71aeeb315d5b3df82d836f42e7901b9d59767f.exe

Resource

win7-20220812-en

bootkit persistence upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

36809dfa4186e7b711c733b31f71aeeb315d5b3df82d836f42e7901b9d59767f.exe

Resource

win10v2004-20220812-en

bootkit persistence upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  36809dfa4186e7b711c733b31f71aeeb315d5b3df82d836f42e7901b9d59767f
- Size
  
  4.5MB
- MD5
  
  05aaa239c3a46f86dd41e2fcb9a6b6c9
- SHA1
  
  0b18a083e0c9ba7475033171fa3736f7de9222d2
- SHA256
  
  36809dfa4186e7b711c733b31f71aeeb315d5b3df82d836f42e7901b9d59767f
- SHA512
  
  523c7c361d4d5c53e611cb093c7440bdc577d4d18886de1ce330bcd27c9ae4c5ff9312d9a657cbc6e0ccba7c628844371fba6df4e0765b16527ee1ece937eaaa
- SSDEEP
  
  98304:OijWI3YTO16YlzR+CAB2ibiLAyhS/Af3dsFTYoRHQecigfxRcKHIY:Oij1oi4YZ5ABLboxhYI3deTYmlYxRRN
Score

8^/10

bootkit persistence upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistenceupx

behavioral2

bootkitpersistenceupx

© 2018-2024

Terms | Privacy