General

  • Target: 527d6ebb89a030e8b97bc4b0e9e91afb44537e7240d09c8c3b085b1c14f874cb
  • Size: 772KB
  • Sample: 221011-x6mxksbedm
  • MD5: 243532bbc8c8b100de94534d97c5e4e9
  • SHA1: 63cfa53fd88e18c314184516d0e817fe9dc02737
  • SHA256: 527d6ebb89a030e8b97bc4b0e9e91afb44537e7240d09c8c3b085b1c14f874cb
  • SHA512: 2917c3f52d55f3962a31ccdf10cbeec88fa50c35a0f12461f2925faade31713d26a1685f63bf07b946b5e599b338016b02401b6fd3a6e1e54c082119036dcf52
  • SSDEEP: 12288:F/ezy90B4ilasnPRo/BpVxChgX1R9QLOPX6wgjCSPRfiuB8p:QyniEuREauXH9Qqv6wg2SJfj

Score
8/10

Targets

    • Target: 527d6ebb89a030e8b97bc4b0e9e91afb44537e7240d09c8c3b085b1c14f874cb (772KB; hashes as listed under General)

    • Drops file in Drivers directory

      %SystemRoot%\System32\drivers is where kernel-mode drivers are loaded from, so a file written there should be checked against the services registered under HKLM\SYSTEM\CurrentControlSet\Services to see whether a driver was also installed.

    • Executes dropped EXE

    • Loads dropped DLL

      The sample runs an executable and loads a DLL that it wrote to disk itself, which marks the 772KB file as a dropper or loader rather than a single self-contained payload; the dropped files are the ones worth extracting and hashing separately.

    • Adds Run key to start application

      A value under HKCU or HKLM \Software\Microsoft\Windows\CurrentVersion\Run is launched at every logon of the affected user (HKCU) or of all users (HKLM); this is the user-land persistence layer, in addition to the MBR write below.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system. The bootstrap code in the first 512 bytes of the disk runs before the kernel, so a modified MBR survives removal of the dropped files and is not visible to file-based scanning; confirm it by comparing the first sector of the physical disk against a known-good image and checking that the partition table and the 0x55AA boot signature are still intact.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes. Note that Windows 7 and later, and earlier versions with KB971029 applied, no longer honour autorun.inf on non-optical removable media, so this spreading path mainly works against unpatched or legacy hosts; the file still reliably identifies a volume the sample has touched.

    • Drops file in System32 directory

      Writing into %SystemRoot%\System32 requires administrative rights on a default installation, and files placed there blend in with legitimate OS components.

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread in another process is the usual final step of process hollowing or thread hijacking: the sample creates or opens a process, maps its own code into it, points the thread's instruction pointer at that code and resumes it, so the payload executes under the name of a legitimate process.
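The two on-disk artefacts above (the MBR write and the autorun.inf drop) can be verified from a disk image or a mounted volume without running the sample. The following is an added example written for this page, not code from the sandbox or from the analysed file: it parses a 512-byte MBR sector, diffs it against a trusted baseline so that bootstrap-code changes and partition-table changes are reported separately, and lists the launch directives an autorun.inf would execute. The sample sectors and the autorun.inf text are constructed for the example.

```python
"""Check an MBR sector against a known-good baseline and triage an autorun.inf.
Added example for this report; sample data below is constructed, not captured."""
import configparser
import hashlib
import struct

SECTOR = 512
BOOTSTRAP_LEN = 446          # legacy MBR: bootstrap code occupies bytes 0..445
PTABLE_OFF = 446             # four 16-byte partition entries follow the code
SIGNATURE = b"\x55\xaa"      # boot signature at bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into bootstrap hash, partition table and signature."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[PTABLE_OFF + 16 * i: PTABLE_OFF + 16 * (i + 1)]
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype:                      # type 0x00 means an unused slot
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {
        "bootstrap_sha256": hashlib.sha256(sector[:BOOTSTRAP_LEN]).hexdigest(),
        "partitions": parts,
        "signature_ok": sector[510:512] == SIGNATURE,
    }


def diff_mbr(baseline: bytes, current: bytes) -> dict:
    """Report what changed between a trusted sector and the current one.
    A bootkit typically rewrites the bootstrap code but keeps the partition
    table intact so the machine still boots, hence the two are separated."""
    before, after = parse_mbr(baseline), parse_mbr(current)
    return {
        "bootstrap_changed": before["bootstrap_sha256"] != after["bootstrap_sha256"],
        "partition_table_changed": before["partitions"] != after["partitions"],
        "signature_ok": after["signature_ok"],
    }


def _make_mbr(bootstrap: bytes) -> bytes:
    """Constructed sector: given bootstrap stub, one bootable NTFS partition
    (type 0x07) starting at LBA 2048, three empty slots, valid signature."""
    code = bootstrap.ljust(BOOTSTRAP_LEN, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3,
                        2048, 1_000_000)
    return code + entry + b"\x00" * 48 + SIGNATURE


BASELINE_MBR = _make_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")  # xor ax,ax; mov ss,ax; ...
INFECTED_MBR = _make_mbr(b"\xeb\xfe" + b"\x90" * 5)         # loader stub overwritten


LAUNCH_KEYS = ("open", "shellexecute")   # directives that start a program directly


def assess_autorun(text: str) -> list:
    """Return the commands an autorun.inf would launch: open=, shellexecute=
    and any shell\\<verb>\\command= entry (verbs appear in the drive's menu)."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    if not cfg.has_section("autorun"):
        return []
    launches = []
    for key, value in cfg.items("autorun"):   # keys are lower-cased by configparser
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            launches.append(f"{key}={value}")
    return launches


# Constructed autorun.inf in the shape worm droppers use (hypothetical paths).
SAMPLE_AUTORUN = """\
[autorun]
open=RECYCLER\\update.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
shellexecute=RECYCLER\\update.exe
shell\\open\\command=RECYCLER\\update.exe
shell=open
action=Open folder to view files
"""

if __name__ == "__main__":
    print("baseline vs baseline:", diff_mbr(BASELINE_MBR, BASELINE_MBR))
    print("baseline vs infected:", diff_mbr(BASELINE_MBR, INFECTED_MBR))
    print("autorun launches:", assess_autorun(SAMPLE_AUTORUN))
```

On a live system the baseline would be the first 512 bytes of the physical disk read with `open(r"\\.\PhysicalDrive0", "rb")` under an elevated prompt, taken from a clean image or from the same host before infection; a changed bootstrap hash with an unchanged partition table and a valid signature is exactly the pattern a bootkit leaves.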
