551f019ffc09597adbb8117de85c402f9e7e007fe55aea8ace9ec619914cb8b5 | Triage

Submit
Reports

Overview

overview

8

Static

static

Trojan-Ran...er.exe

windows7-x64

8

Trojan-Ran...er.exe

windows10-2004-x64

8

Sharing

General

Target

Trojan-Ransom.Win32.Blocker.ilxn-551f019ffc09597adbb8117de85c402f9e7e007fe55aea8ace9ec619914cb8b5
Size

696KB
Sample

221107-crtflacgg5
MD5

30cb62907de2444c63069aaf9e03deda
SHA1

3ec04edb8b500b3ff18e5158aa0136964fd4a8dd
SHA256

551f019ffc09597adbb8117de85c402f9e7e007fe55aea8ace9ec619914cb8b5
SHA512

6623d8132b76a102577d57511a4b3a9e81ba8cbefa99e283657bb798294b7aeaff5642382bf4dfa299694c3e2ac110c51aa27f0e64af88488a1b94fd52bf48a6
SSDEEP

6144:sPNDXW8jOD/gSwgQM6/lkw3RRHxNjfOB8xOE5SG6e:+W77gSw7WwBS

Score

8^/10

bootkit persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

Trojan-Ransom.Win32.Blocker.exe

Resource

win7-20220812-en

bootkit persistence upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Trojan-Ransom.Win32.Blocker.exe

Resource

win10v2004-20220812-en

bootkit persistence upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  Trojan-Ransom.Win32.Blocker.ilxn-551f019ffc09597adbb8117de85c402f9e7e007fe55aea8ace9ec619914cb8b5
- Size
  
  696KB
- MD5
  
  30cb62907de2444c63069aaf9e03deda
- SHA1
  
  3ec04edb8b500b3ff18e5158aa0136964fd4a8dd
- SHA256
  
  551f019ffc09597adbb8117de85c402f9e7e007fe55aea8ace9ec619914cb8b5
- SHA512
  
  6623d8132b76a102577d57511a4b3a9e81ba8cbefa99e283657bb798294b7aeaff5642382bf4dfa299694c3e2ac110c51aa27f0e64af88488a1b94fd52bf48a6
- SSDEEP
  
  6144:sPNDXW8jOD/gSwgQM6/lkw3RRHxNjfOB8xOE5SG6e:+W77gSw7WwBS
Score

8^/10

bootkit persistence upx
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistenceupx

behavioral2

bootkitpersistenceupx

© 2018-2024

Terms | Privacy