Overview

overview

8

Static

static

8

f1c932e347...bc.exe

windows7-x64

8

f1c932e347...bc.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f1c932e347cf6e1cd099ef1685c2e85f7d965d176f390fd44af4196260f145bc

  • Size

    88KB

  • Sample

    221030-w1pnjseegr

  • MD5

    821dd47cdc8540f60954d9f36a10ef5b

  • SHA1

    45b675b2c5309c2547b7f3d99dd4fd53da153f46

  • SHA256

    f1c932e347cf6e1cd099ef1685c2e85f7d965d176f390fd44af4196260f145bc

  • SHA512

    7492fe24379fefbd16e31cb7f00a0c0bed0afa7e9d53333b589b8bda03086c1890f919803bbea5ae646e59fd91db8b3411ea3cf117d76a1bb2b025f1b410e2cd

  • SSDEEP

    1536:dXNXdlRH+Dwk4cSGesvhC8plnQ85+HwClgfTQqPTFTCtOQ8CcfiM:ddtlRH+UxGzh3HQ85+QqoTBfiM

Score
8/10
bootkitpersistencevmprotect

Malware Config

Targets

    • Target

      f1c932e347cf6e1cd099ef1685c2e85f7d965d176f390fd44af4196260f145bc

    • Size

      88KB

    • MD5

      821dd47cdc8540f60954d9f36a10ef5b

    • SHA1

      45b675b2c5309c2547b7f3d99dd4fd53da153f46

    • SHA256

      f1c932e347cf6e1cd099ef1685c2e85f7d965d176f390fd44af4196260f145bc

    • SHA512

      7492fe24379fefbd16e31cb7f00a0c0bed0afa7e9d53333b589b8bda03086c1890f919803bbea5ae646e59fd91db8b3411ea3cf117d76a1bb2b025f1b410e2cd

    • SSDEEP

      1536:dXNXdlRH+Dwk4cSGesvhC8plnQ85+HwClgfTQqPTFTCtOQ8CcfiM:ddtlRH+UxGzh3HQ85+QqoTBfiM

    Score
    8/10
    bootkitpersistencevmprotect

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks