Overview

overview

8

Static

static

0affd3484e...bd.exe

windows7-x64

8

0affd3484e...bd.exe

windows10-2004-x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0affd3484eebdea0fdaa40f4728ce51c6513d1c190c2e79a0a24db16021aebbd

  • Size

    583KB

  • Sample

    221030-avsmcseceq

  • MD5

    929457dc75bc3543c97bdafb7a00721a

  • SHA1

    12b2f7b1c2faf3533092b6b729c61903e17f4110

  • SHA256

    0affd3484eebdea0fdaa40f4728ce51c6513d1c190c2e79a0a24db16021aebbd

  • SHA512

    a4ca93b0d0e93e877e9526e13274fd6acd7f8efe25dc94985184c4f57a8739344648c2f4b1d36ec80c8d01d68fff6225c8833a5b130e34b02aa2aaf783fe3ad5

  • SSDEEP

    12288:NM0bdyzpX23UYWx0EPs21KEP3x9G7JCBhx2YV0fOdHrnBHbAZv41BY:22yzJ0ULxfPs21BPi7JCBhoYSfOdHrq/

Score
8/10
bootkitpersistenceupx

Malware Config

Targets

    • Target

      0affd3484eebdea0fdaa40f4728ce51c6513d1c190c2e79a0a24db16021aebbd

    • Size

      583KB

    • MD5

      929457dc75bc3543c97bdafb7a00721a

    • SHA1

      12b2f7b1c2faf3533092b6b729c61903e17f4110

    • SHA256

      0affd3484eebdea0fdaa40f4728ce51c6513d1c190c2e79a0a24db16021aebbd

    • SHA512

      a4ca93b0d0e93e877e9526e13274fd6acd7f8efe25dc94985184c4f57a8739344648c2f4b1d36ec80c8d01d68fff6225c8833a5b130e34b02aa2aaf783fe3ad5

    • SSDEEP

      12288:NM0bdyzpX23UYWx0EPs21KEP3x9G7JCBhx2YV0fOdHrnBHbAZv41BY:22yzJ0ULxfPs21BPi7JCBhoYSfOdHrq/

    Score
    8/10
    bootkitpersistenceupx

    • Executes dropped EXE

    • Modifies Installed Components in the registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks