86202ff810c2edd8c32b2a374f421a0d9309a41b241a414a911caca0ad8fb5ea | Triage

Submit
Reports

Overview

overview

8

Static

static

1

86202ff810...ea.exe

windows7-x64

8

86202ff810...ea.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

86202ff810c2edd8c32b2a374f421a0d9309a41b241a414a911caca0ad8fb5ea
Size

11.1MB
Sample

221020-x9jz4abedl
MD5

e79e06a38f474ba09eb38fb661ede420
SHA1

a0d27e25730912622c00d209b301ee38ddae0d3d
SHA256

86202ff810c2edd8c32b2a374f421a0d9309a41b241a414a911caca0ad8fb5ea
SHA512

205a61e344e55e09ad389120412c38e07f94ce3bb794ad037515ae4a9d49e28a1ffac4165ba21d3ed63e895e182fdc5f0d646e1aa3624ad5e1507fffd3cf3e96
SSDEEP

196608:9dKzxx4iZC/Nbzz/QxR+W/wPk9z7PUK0iCv/LU0C+CZuFvYHyUdb:ixxFIob+W/PG6+XC+rYdb

Score

8^/10

bootkit discovery evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

86202ff810c2edd8c32b2a374f421a0d9309a41b241a414a911caca0ad8fb5ea.exe

Resource

win7-20220812-en

bootkit discovery evasion persistence trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

86202ff810c2edd8c32b2a374f421a0d9309a41b241a414a911caca0ad8fb5ea.exe

Resource

win10v2004-20220812-en

bootkit discovery evasion persistence trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  86202ff810c2edd8c32b2a374f421a0d9309a41b241a414a911caca0ad8fb5ea
- Size
  
  11.1MB
- MD5
  
  e79e06a38f474ba09eb38fb661ede420
- SHA1
  
  a0d27e25730912622c00d209b301ee38ddae0d3d
- SHA256
  
  86202ff810c2edd8c32b2a374f421a0d9309a41b241a414a911caca0ad8fb5ea
- SHA512
  
  205a61e344e55e09ad389120412c38e07f94ce3bb794ad037515ae4a9d49e28a1ffac4165ba21d3ed63e895e182fdc5f0d646e1aa3624ad5e1507fffd3cf3e96
- SSDEEP
  
  196608:9dKzxx4iZC/Nbzz/QxR+W/wPk9z7PUK0iCv/LU0C+CZuFvYHyUdb:ixxFIob+W/PG6+XC+rYdb
Score

8^/10

bootkit discovery evasion persistence trojan
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistencetrojan

behavioral2

bootkitdiscoveryevasionpersistencetrojan

© 2018-2025

Terms | Privacy