ac658726e7d186f5732d1496d473cee9a4119675da4a4f95dce943350459da0a | Triage

Submit
Reports

Overview

overview

Static

static

ac658726e7...0a.exe

windows7-x64

ac658726e7...0a.exe

windows10-2004-x64

8

Sharing

General

Target

ac658726e7d186f5732d1496d473cee9a4119675da4a4f95dce943350459da0a
Size

593KB
Sample

221020-ygbcxsbhek
MD5

a01ff27c6d183a9b58e6c7394db22250
SHA1

78a563c62fbf2d2b065c82ba741ddc9465f83760
SHA256

ac658726e7d186f5732d1496d473cee9a4119675da4a4f95dce943350459da0a
SHA512

f0541e5d656298f703c1a3cc3bee5e745eb127123ddb7280e3b64936c1803c4d311d0d1592705359871319e5364bb318871b47e3b2bc00a2187cc0fc72a84359
SSDEEP

12288:VuBSP/amCdBJSpc/aaT9/gur79Yq63kfydqAKTE1qH:sA6dBwy/aI/gK79YH0FAgxH

Score

10^/10

bootkit evasion persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

ac658726e7d186f5732d1496d473cee9a4119675da4a4f95dce943350459da0a.exe

Resource

win7-20220901-en

bootkit evasion persistence upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

ac658726e7d186f5732d1496d473cee9a4119675da4a4f95dce943350459da0a.exe

Resource

win10v2004-20220901-en

bootkit persistence upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  ac658726e7d186f5732d1496d473cee9a4119675da4a4f95dce943350459da0a
- Size
  
  593KB
- MD5
  
  a01ff27c6d183a9b58e6c7394db22250
- SHA1
  
  78a563c62fbf2d2b065c82ba741ddc9465f83760
- SHA256
  
  ac658726e7d186f5732d1496d473cee9a4119675da4a4f95dce943350459da0a
- SHA512
  
  f0541e5d656298f703c1a3cc3bee5e745eb127123ddb7280e3b64936c1803c4d311d0d1592705359871319e5364bb318871b47e3b2bc00a2187cc0fc72a84359
- SSDEEP
  
  12288:VuBSP/amCdBJSpc/aaT9/gur79Yq63kfydqAKTE1qH:sA6dBwy/aI/gK79YH0FAgxH
Score

10^/10

bootkit evasion persistence upx
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistenceupx

behavioral2

bootkitpersistenceupx

© 2018-2025

Terms | Privacy