e4d2a1c1d07014f4433ad4e1a70e25df7cac7e0fb15b1f2806f2f15e981e05f5

General

Target

e4d2a1c1d07014f4433ad4e1a70e25df7cac7e0fb15b1f2806f2f15e981e05f5
Size

448KB
Sample

221011-xte17safd3
MD5

2141af8a7d75c45eba3d20869278c746
SHA1

74a6fc28200a421c3f450f134ec131e0d8d2085e
SHA256

e4d2a1c1d07014f4433ad4e1a70e25df7cac7e0fb15b1f2806f2f15e981e05f5
SHA512

999da245923f62e62c2de61a47fdbb54ff7cbf4943c00dacd80de480698bd95de71a9a8a828d02deb67f53da39631ab573687af6ec6e6c448726857304fbd608
SSDEEP

12288:i5vizX6SrotZ5e16/URdOYOF5Vv8ZUljcolwPoc1HvtG:itizX4QRyFzkocpw

Score

9^/10

Malware Config

Targets

- Target
  
  e4d2a1c1d07014f4433ad4e1a70e25df7cac7e0fb15b1f2806f2f15e981e05f5
- Size
  
  448KB
- MD5
  
  2141af8a7d75c45eba3d20869278c746
- SHA1
  
  74a6fc28200a421c3f450f134ec131e0d8d2085e
- SHA256
  
  e4d2a1c1d07014f4433ad4e1a70e25df7cac7e0fb15b1f2806f2f15e981e05f5
- SHA512
  
  999da245923f62e62c2de61a47fdbb54ff7cbf4943c00dacd80de480698bd95de71a9a8a828d02deb67f53da39631ab573687af6ec6e6c448726857304fbd608
- SSDEEP
  
  12288:i5vizX6SrotZ5e16/URdOYOF5Vv8ZUljcolwPoc1HvtG:itizX4QRyFzkocpw
Score

9^/10

bootkit discovery persistence upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

1

T1067

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

3

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ACProtect 1.3x - 1.4x DLL software

Downloads MZ/PE file

Executes dropped EXE

UPX packed file

Checks computer location settings

Loads dropped DLL

Checks installed software on the system

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2