7ac578ba6196499e5607a25cf3114b2836603dee14147158c7dcb936c6177c5f | Triage

Submit
Reports

Overview

overview

8

Static

static

Stellar Da...ed.exe

windows7-x64

8

Stellar Da...ed.exe

windows10-2004-x64

8

Sharing

General

Target

Stellar Data Recovery Pro 10.2.0.0 (x64) Multilingual.zip
Size

157.6MB
Sample

221003-nya4daecd2
MD5

3ad37baf18a473e0c071f86278419ddd
SHA1

d3a578ba6033624b9680701fd2f3796af04f2292
SHA256

7ac578ba6196499e5607a25cf3114b2836603dee14147158c7dcb936c6177c5f
SHA512

82f678f4f68497e851accbc4a98345a411d4a712712ae1213f758213f881926af1a254d0bb0d25d3bffea942adb97770580e616147d940d21be61bda9fb8c751
SSDEEP

3145728:b0Cvc633jklEitZ44OzLlqj2rmOaJWW9WYyvePa/:b0gceQlN4JL22BaJPWYyWPw

Score

8^/10

bootkit discovery persistence vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

Stellar Data Recovery Pro 10.2.0.0 (x64) Multilingual/Stellar Data Recovery Pro_pre-Activated.exe

Resource

win7-20220901-en

bootkit discovery persistence vmprotect

windows7-x64

13 signatures

300 seconds

Behavioral task

behavioral2

Sample

Stellar Data Recovery Pro 10.2.0.0 (x64) Multilingual/Stellar Data Recovery Pro_pre-Activated.exe

Resource

win10v2004-20220901-en

bootkit discovery persistence vmprotect

windows10-2004-x64

14 signatures

300 seconds

Malware Config

Targets

- Target
  
  Stellar Data Recovery Pro 10.2.0.0 (x64) Multilingual/Stellar Data Recovery Pro_pre-Activated.exe
- Size
  
  157.9MB
- MD5
  
  9e34885dda4b34413c2f2ce38f24d007
- SHA1
  
  2b0d1cbbbff8a106c36d61958e5ac15aa50f48d2
- SHA256
  
  05b25afaeea8169af59f074e01d540dd41224ef1882a7184945a3e0b383c8fa1
- SHA512
  
  917da28072cc007e56828fe6383941386100a7823f4b650530aab020c239cc080cf62fe1256c00c85f04a374619d9f8c20b3e1f5be55a07b96945ca370eed875
- SSDEEP
  
  3145728:wGTvi57iT5nGzzBTyfBgnVSdyir1GaoqcjOiDMfCw2ksGEMfLjTEwTxpvy:Zg7s5n+kqSdLPiDWCOsGrDBxpa
Score

8^/10

bootkit discovery persistence vmprotect
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistencevmprotect

behavioral2

bootkitdiscoverypersistencevmprotect

© 2018-2024

Terms | Privacy