1e1b584f956cf2f5c45fae6d859a15e874b75ff0bb37ed8c5185af09287e5980 | Triage

Submit
Reports

Overview

overview

8

Static

static

8

1e1b584f95...80.exe

windows7-x64

8

1e1b584f95...80.exe

windows10-2004-x64

8

Sharing

General

Target

1e1b584f956cf2f5c45fae6d859a15e874b75ff0bb37ed8c5185af09287e5980
Size

1.9MB
Sample

221008-3pc9psfhh8
MD5

982069735abf3a43795391dbff28a48e
SHA1

bbc9467c17b5dabfd96e01384ec6b27ef04cbb07
SHA256

1e1b584f956cf2f5c45fae6d859a15e874b75ff0bb37ed8c5185af09287e5980
SHA512

c4aada82ec6ecc5b59029709fbda8b205e1243737eeab38683e74252bae345c30b23acdb14fa622c500c113c0483075078295b3b28298965a76281d42e0ac5d8
SSDEEP

49152:d9AtclN1BETpmlo+P/ytSHDbfyr4h++f7g0rqRtq9aI+/wO:d9At6Na8ljHDbKchd7guqjIewO

Score

8^/10

bootkit persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1e1b584f956cf2f5c45fae6d859a15e874b75ff0bb37ed8c5185af09287e5980.exe

Resource

win7-20220812-en

bootkit persistence upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

1e1b584f956cf2f5c45fae6d859a15e874b75ff0bb37ed8c5185af09287e5980.exe

Resource

win10v2004-20220812-en

bootkit persistence upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  1e1b584f956cf2f5c45fae6d859a15e874b75ff0bb37ed8c5185af09287e5980
- Size
  
  1.9MB
- MD5
  
  982069735abf3a43795391dbff28a48e
- SHA1
  
  bbc9467c17b5dabfd96e01384ec6b27ef04cbb07
- SHA256
  
  1e1b584f956cf2f5c45fae6d859a15e874b75ff0bb37ed8c5185af09287e5980
- SHA512
  
  c4aada82ec6ecc5b59029709fbda8b205e1243737eeab38683e74252bae345c30b23acdb14fa622c500c113c0483075078295b3b28298965a76281d42e0ac5d8
- SSDEEP
  
  49152:d9AtclN1BETpmlo+P/ytSHDbfyr4h++f7g0rqRtq9aI+/wO:d9At6Na8ljHDbKchd7guqjIewO
Score

8^/10

bootkit persistence upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistenceupx

behavioral2

bootkitpersistenceupx

© 2018-2024

Terms | Privacy