9fccbbeea4b966efae9ff729b9aa7670df52aea2c2eea49adb7459c875c7166f

Sharing

Copy URL Twitter E-mail

General

Target

9fccbbeea4b966efae9ff729b9aa7670df52aea2c2eea49adb7459c875c7166f
Size

2.5MB
Sample

221107-b15pjsbfe2
MD5

03e5f86ef4923e0a0e97d563a35d48d5
SHA1

93f3b5dfdd9da76773e8057a27199f4d9d512efd
SHA256

9fccbbeea4b966efae9ff729b9aa7670df52aea2c2eea49adb7459c875c7166f
SHA512

2c278607a73f286e108c5b4d3bb612c24ec291961775cf62709a727395b6a2492fbc3c5cc1bb7afb9ed33ee9c70bb499ff64293e0281bac70509e9e2c1ddcde9
SSDEEP

49152:4Y7SdAp8eQECN/yQQ9rxKEfbA0ZT56VoTM2oEhEYLcPTDvKIxcHVVJLv:4YeipEECwQQ9rsE00ZT56Va7o2bAHKM8

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  AddinStockHGT.dll
- Size
  
  1.2MB
- MD5
  
  6ec026f2193dcb28fc0d54902e1da37c
- SHA1
  
  d7ad2864c11ec51ee85ea39f611bcad81930751e
- SHA256
  
  b90778e841f11424534d0b4cdc3928835dbcaaa226bc9e2705eaf3881b7d98a5
- SHA512
  
  a2cd99f1d94e8d8492a91f1fd0636e82b87d8557ad2bf467124e4b95faf6379c01d3427703d2a23a86d3bc71d8810e6f725f315aba84e9bf83c3c0768917f2e2
- SSDEEP
  
  24576:CT1DP289kDVV1fHo46E+6Uh56/rJQRRPyqdwHL0YCwtT8wZJsEq0:CT1D4vOr5Oq/FaTzZGEq0
Score

1^/10
behavioral1 behavioral2
- Target
  
  AddinTList.dll
- Size
  
  350KB
- MD5
  
  f2ca5fb8b94e472502850476be2333e2
- SHA1
  
  8177a82de306953c1f381044055a9a3aab3ff657
- SHA256
  
  e92bedafee5ae6b19f287c86da53420b424e0353518d3fa966e5237c25c165e1
- SHA512
  
  7b4e6c251395f013d9e9a0dad6f0f26a3ecc8406ae5a18f2e2963ee90f09aae74b41e85a0ad508de73f524b25fac41ab537979e7bd3d12e79152482c194a6fef
- SSDEEP
  
  6144:zNUcv5IG1lccq81FjWDSYbOs+mcDGAtwr:zNUc6u9h1KBwGAtwr
Score

1^/10
behavioral3 behavioral4
- Target
  
  AddinTradeBox.dll
- Size
  
  1.4MB
- MD5
  
  cfb235868c814c429c69cedcfa136a18
- SHA1
  
  98b663f91d3dd3df1688c5b7e04d5891116b8d68
- SHA256
  
  5aef43404ec1e80c02c4b1ef69762b9e21a73e26911356823f102f5a71a50302
- SHA512
  
  f0e46c0175c400dee186bb9027c33adf5e0607ddcbf33fa6689694689cbeda3a53d9f13ca31455b643f885e705a45fd54141deff5ab3d7531636a207f15ab40b
- SSDEEP
  
  24576:HmYhAKVd1oAeS99p3MQDLw/iMambwUpKoN:GH208iEQdN
Score

1^/10
behavioral5 behavioral6
- Target
  
  AddinUtility.dll
- Size
  
  1.2MB
- MD5
  
  b6fbdef1f48dd87c3c0382b12e837581
- SHA1
  
  48de295a5ba98a14b2edda4c3a0a412f41849abf
- SHA256
  
  1a843b6aa856fccfd54607a9b31d79a49ee44ed1f34c17d77a241a79635d3664
- SHA512
  
  b13c72d794c3bf4acda51b7b0e79b26d2b174109c8db3aa8731ca09d42126c32a4d04a3c186fed5686bc0ac98dad876cb16e45fed705ad77088957c56fd59443
- SSDEEP
  
  24576:nqZlWC/PfhHYtnhwcBy6zeABbbdtkgNTNCBLJwRkylz7Eu32o7mj:nsU2l8wc5VtLTNJkylz7x32o7o
Score

1^/10
behavioral7 behavioral8
- Target
  
  AddinVipLc.dll
- Size
  
  374KB
- MD5
  
  cf387146763f9f646936daf1f24e28d8
- SHA1
  
  f247029f809f8af04ccbbb52634ece7fd37dbf13
- SHA256
  
  94c037eacc34d4201b3c76685f20c45aa1054e8cee021debc8c97c86af096421
- SHA512
  
  8613943cae09a44e60e42318fc669fcaac014844b3dfae8b53567c3ad947331f9d3b0e5caeec3dd650ac876d99c47e462ba8967760af5179e1b71258be6226d8
- SSDEEP
  
  6144:RB/vk7wdPvsIYUcb0DSYbrkkwrxGdXpnG:RB/sch7hmGm
Score

1^/10
behavioral10 behavioral9
- Target
  
  AddinYzzz.dll
- Size
  
  626KB
- MD5
  
  d7db1d04a26f7d765af987372325960c
- SHA1
  
  333a3007bb86f0d7e0bd453afb9f8a17eea80a42
- SHA256
  
  7cc2c9186eb4d316db835e181586850a97710b770161ef03b469e8d1cbb28406
- SHA512
  
  51a50c9d7e36134753225e2ebcbb11b8bac6d3652db2ed289b1270e284e8d2b9d86da4feeb477343da7bee97aba0134066ca8f9f76a633906f4c09692bc80642
- SSDEEP
  
  6144:n62Af7vNp1qW9CuA4w3EV8j9zMJnGDDYKxloSC+1q0S+HzdpDSYbHwJhhF0GfZyT:nrAvD17CxN2tYM0S4IhIGUxOO
Score

1^/10
behavioral11 behavioral12
- Target
  
  GetMachineInfo.dll
- Size
  
  166KB
- MD5
  
  a004915330a150f649e73d94b5c2e7ba
- SHA1
  
  ae1acefbf6a481ddc6e486e173d18be8c6e09a92
- SHA256
  
  cdf2c8378548e6a549f7d88a51d96cd917c655c8f368ff009d8ebf244c4e4dc1
- SHA512
  
  00ee6ab487bfa238835d865ad4fdf9422caa8a594afe2bc8c0b268468b3dcf6f553ac5c4a5d259aa1bcfa2c3a56b95be4f26691dc1b1a3baeab769c608ebcf1d
- SSDEEP
  
  1536:0WpUUJT60s+PVTxgvbaJ+XoT/hHy39DlPgjHCw6/OaH85pBlBbtU6hD28iT7bpgr:0T+e3l+J2oTA9BPuQOJNlJ26hViTxgr
Score

7^/10

bootkit persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral13 behavioral14
- Target
  
  ePass2001API.dll
- Size
  
  166KB
- MD5
  
  45b62fd79260fa27a0b20b39f95119e0
- SHA1
  
  e5a4e8f4375e6f539b931f1f2abd495429dcded9
- SHA256
  
  f86018fc483ee5257198688003a0524cfc9764963b7854ad943102e7b8ea18cd
- SHA512
  
  ba232be37b65f7c66e35a4ed1c8a8788e7ad5b56b265508e8306d62c88cbfd3722020371e9da2591c33b991cb0483606b76ba98dd432a7c3372d0e46958d27a2
- SSDEEP
  
  3072:Kw0AZZogXShwNG0uBKMMgwiJIlt5H+ne:KwChlpBKBgwig
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks BIOS information in registry

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16