6bb280da2290da9129d2f0398728fb43110a1399614b473b14b990f98373323b | Triage

Submit
Reports

Overview

overview

8

Static

static

1

6bb280da22...3b.exe

windows7-x64

8

6bb280da22...3b.exe

windows10-2004-x64

8

Sharing

General

Target

6bb280da2290da9129d2f0398728fb43110a1399614b473b14b990f98373323b
Size

258KB
Sample

221003-n4k6jaeeb9
MD5

049d9d8e49cebecbd4544ca68e6a7705
SHA1

f6bf531954b3423310c924b962cf7a5c7fa7dd87
SHA256

6bb280da2290da9129d2f0398728fb43110a1399614b473b14b990f98373323b
SHA512

350036e50b9c7ad8e0dd46dbd57cf67781ecd7e242dd495480f2b9df38284a9f0a250aa88139a8f7a948f90e28166485688cdeee0ff8308e12de7c63dcf247fd
SSDEEP

6144:2bNz4Vw9xjMWn0lEsr6BRZ52fv6Y+oNUmlN:4aw9xjMBhrUZ2fhrUmlN

Score

8^/10

bootkit persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6bb280da2290da9129d2f0398728fb43110a1399614b473b14b990f98373323b.exe

Resource

win7-20220901-en

bootkit persistence upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

6bb280da2290da9129d2f0398728fb43110a1399614b473b14b990f98373323b.exe

Resource

win10v2004-20220901-en

persistence upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  6bb280da2290da9129d2f0398728fb43110a1399614b473b14b990f98373323b
- Size
  
  258KB
- MD5
  
  049d9d8e49cebecbd4544ca68e6a7705
- SHA1
  
  f6bf531954b3423310c924b962cf7a5c7fa7dd87
- SHA256
  
  6bb280da2290da9129d2f0398728fb43110a1399614b473b14b990f98373323b
- SHA512
  
  350036e50b9c7ad8e0dd46dbd57cf67781ecd7e242dd495480f2b9df38284a9f0a250aa88139a8f7a948f90e28166485688cdeee0ff8308e12de7c63dcf247fd
- SSDEEP
  
  6144:2bNz4Vw9xjMWn0lEsr6BRZ52fv6Y+oNUmlN:4aw9xjMBhrUZ2fhrUmlN
Score

8^/10

bootkit persistence upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistenceupx

behavioral2

© 2018-2024

Terms | Privacy