General

  • Target

    77d19051d9676f29ca1554077f77619b24e85e3acb75257e21cce24dc9ce5bd7

  • Size

    2.3MB

  • Sample

    221003-rmmvksaff5

  • MD5

    4b3285f3b6f588cd62cbf5cd64eb9bb5

  • SHA1

    709c5e99ae4b5baa99fdd10684f178c53cba7b82

  • SHA256

    77d19051d9676f29ca1554077f77619b24e85e3acb75257e21cce24dc9ce5bd7

  • SHA512

    11a126450aa2c0b3ee6cfe3de0b5285f12a3f61cf0c80a0ad088374295dd8b043e076e7185bee131fbdf8e890aa53101a61a313ea33fd728cceec34add5f6a19

  • SSDEEP

    49152:hF9Q5Ujw6tkkcq428htQPOL2XmGs3hfFeWmu3rWrHGn9LvH8nLwPlC/v3:3GiE6OzqehtQ+ThdN7YHGn976wPl6v3

Malware Config

Targets

    • UAC bypass

    • Checks for common network interception software

      Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    • Enumerates VirtualBox registry keys

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

    • Drops file in Drivers directory

    • Sets file execution options in registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Adds Run key to start application

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks