General

  • Target

    Movavi Video Editor Plus 22.1.1 (x64).zip

  • Size

    87.2MB

  • Sample

    221003-lj59vsfhg3

  • MD5

    3597b030a05c49689cc2875a7355ec06

  • SHA1

    a3fd6aa7d388320f4340115d69640b0cd26e337a

  • SHA256

    a2a5404ab0542af35bea0800030683ab2909b8b5bf47ced4e7dfaf8fa6baa90c

  • SHA512

    cec5f925d2c1fce2dd642ebd9c4318e1811ee836d39be852bfcade35de90d9778b354a4118b84288cd55cdc51602e9114138f13a5aa39a806cfd9b80897fe411

  • SSDEEP

    1572864:ceRqb1baLGElbjNCgoCfp8WFLNWFqdXclHz+fDShgAFyQynwHdyaAcDRZb9u8:p8bkjN3pfCWFZWFqpg+rSGAJNyaA0f9r

Malware Config

Targets

    • Target

      Movavi Video Editor Plus 22.1.1 (x64) Multilingual/Hook-dll/bb2018.dll

    • Size

      201KB

    • MD5

      6f4b671473e343ff6eb0cd9951f24934

    • SHA1

      dbebbc223cd39f5649867395438ef2750d90e32f

    • SHA256

      a00178f72d569fd845cc8f7c5cb7c4f983ed0dfbe3176e15c42ae884dee2db36

    • SHA512

      76f009757d9a6af55a75d39a14b6a10c240081fd7f2d9bfe7eb909f0e4122052961f9312fbbf52caa6e629ce97912be992dce63d301c7db3974f39b16a5f4d2c

    • SSDEEP

      3072:2+ATME5JAC/T/2njLhbCDvmSOo2iePG3ufWC+vrXT/7nM4L3zxO1S+b2+QNOURoM:W9ygBm+Hjt3FwdnmgX4eo1uPESEz96

    Score: 8/10
    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Target

      Movavi Video Editor Plus 22.1.1 (x64) Multilingual/Hook-dll/wtsapi32.dll

    • Size

      328KB

    • MD5

      63fe84db6cb9962e66b18ea693548b6a

    • SHA1

      8a3bfc360c6000608ac2835aa018dfefdbc6d359

    • SHA256

      3adab3ec18b35ff15d6624b3d3e5323b68f029d82c0325c9fd0d9d8ce08d5ca4

    • SHA512

      dee25b7374d57bca19fd7f0ec7c1a13f532601441693fd52619ebd2746656542c49348d5f6b3c23740ba366fbcd8f7f2bc6050afc4db0a40fcbda6322ace0ee3

    • SSDEEP

      6144:lH1IsnREu09rmgpkjHUr8htAzkZwTLnNCAC8isFZ4RG+h40R:cWn09rnejUr8i9C8vFqvhTR

    Score: 8/10
    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Target

      Movavi Video Editor Plus 22.1.1 (x64) Multilingual/MovaviVideoEditorPlusSetup.exe

    • Size

      87.6MB

    • MD5

      e94e8fb00c86bd4f38b5fa50dad51e13

    • SHA1

      997854e4bb04c655f714ed39c8fb9e1fe046b442

    • SHA256

      60d1e0e7201e6c06e7765f4751a42ba16a5054076112d8a163adc92e725caa68

    • SHA512

      d11c26fdaa9acc042c180728e4b186b5b0186eb2c8dcdfc67fef46949c9e2220784b397727b77f9743e0627ed14502a2d994b5eefbfa9535879fbfe15534b712

    • SSDEEP

      1572864:ZgWxvK6TOgcN+60TsyFGzeAojxOFz23jEjqU1975SXESJaFx/efTgNATgukzu2tQ:Zn9pTOgDNTJAod8z23YqW97MXNIjGfTB

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    T1060 Registry Run Keys / Startup Folder (1)

    T1067 Bootkit (1)

  • Defense Evasion

    T1112 Modify Registry (1)

  • Discovery

    T1012 Query Registry (3)

    T1082 System Information Discovery (3)
