3a9c9b0efb46f90da6bad1318e7b9c24549481589960bab5af8d6bc8142f22d6 | Triage

Submit
Reports

Overview

overview

Static

static

8

3a9c9b0efb...d6.exe

windows7-x64

8

3a9c9b0efb...d6.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

3a9c9b0efb46f90da6bad1318e7b9c24549481589960bab5af8d6bc8142f22d6
Size

344KB
Sample

221028-2zpvtaahh2
MD5

0b9de246ebf69315c47845bb01926451
SHA1

ccad150a3488cc4f066d7d39fa6d8b85b8d3d56d
SHA256

3a9c9b0efb46f90da6bad1318e7b9c24549481589960bab5af8d6bc8142f22d6
SHA512

13565a5a0de89923d5bb664e188413db1814495556e8fe865870c8e97d7d1221891c2bcf292d4e4e0218b2864f300cc4a3eaaecf6b8d5c29412b2bd85a3368e3
SSDEEP

6144:EKY+kdKeAVbk/I2kVFhVoXXM/m0GeJie:QkKXImY

Score

10^/10

adware bootkit evasion persistence stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3a9c9b0efb46f90da6bad1318e7b9c24549481589960bab5af8d6bc8142f22d6.exe

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

3a9c9b0efb46f90da6bad1318e7b9c24549481589960bab5af8d6bc8142f22d6.exe

Resource

win10v2004-20220901-en

adware bootkit evasion persistence stealer upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  3a9c9b0efb46f90da6bad1318e7b9c24549481589960bab5af8d6bc8142f22d6
- Size
  
  344KB
- MD5
  
  0b9de246ebf69315c47845bb01926451
- SHA1
  
  ccad150a3488cc4f066d7d39fa6d8b85b8d3d56d
- SHA256
  
  3a9c9b0efb46f90da6bad1318e7b9c24549481589960bab5af8d6bc8142f22d6
- SHA512
  
  13565a5a0de89923d5bb664e188413db1814495556e8fe865870c8e97d7d1221891c2bcf292d4e4e0218b2864f300cc4a3eaaecf6b8d5c29412b2bd85a3368e3
- SSDEEP
  
  6144:EKY+kdKeAVbk/I2kVFhVoXXM/m0GeJie:QkKXImY
Score

10^/10

upx adware bootkit evasion persistence stealer
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Blocklisted process makes network request
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Browser Extensions

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

adwarebootkitevasionpersistencestealerupx

© 2018-2025

Terms | Privacy