e13051091b47bf5a1174877b14a2a63b9f6095df1a7a55735098b081f9e02c29 | Triage

Submit
Reports

Overview

overview

8

Static

static

robloxapp-...54.wmv

windows7-x64

8

robloxapp-...54.wmv

windows10-2004-x64

8

Sharing

General

Target

robloxapp-20221114-0929554.wmv
Size

3.3MB
Sample

221118-wedddsac46
MD5

680ca8d5d1ad9e8f1dc66dd6ab4a6672
SHA1

69ac1bdea7d32b2d017a132471885db5e38af2ac
SHA256

e13051091b47bf5a1174877b14a2a63b9f6095df1a7a55735098b081f9e02c29
SHA512

c3503a7438f7ce424aaff29ef02cd63788df6b38f1ce86b5e414fcd358aa8c7b930dfc5682678e214377de4f7e5b9c1c42d0211785173fd345195df77ec9ed2c
SSDEEP

98304:1sn/tq2Uo9H2o9T9GUfV7w96x2g4LGYAhm:i423H2ITwUK6LY3

Score

8^/10

bootkit discovery evasion exploit persistence

Static task

static1

Behavioral task

behavioral1

Sample

robloxapp-20221114-0929554.wmv

Resource

win7-20220812-en

bootkit persistence

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

robloxapp-20221114-0929554.wmv

Resource

win10v2004-20220812-en

bootkit discovery evasion exploit persistence

windows10-2004-x64

30 signatures

150 seconds

Malware Config

Targets

- Target
  
  robloxapp-20221114-0929554.wmv
- Size
  
  3.3MB
- MD5
  
  680ca8d5d1ad9e8f1dc66dd6ab4a6672
- SHA1
  
  69ac1bdea7d32b2d017a132471885db5e38af2ac
- SHA256
  
  e13051091b47bf5a1174877b14a2a63b9f6095df1a7a55735098b081f9e02c29
- SHA512
  
  c3503a7438f7ce424aaff29ef02cd63788df6b38f1ce86b5e414fcd358aa8c7b930dfc5682678e214377de4f7e5b9c1c42d0211785173fd345195df77ec9ed2c
- SSDEEP
  
  98304:1sn/tq2Uo9H2o9T9GUfV7w96x2g4LGYAhm:i423H2ITwUK6LY3
Score

8^/10

bootkit persistence discovery evasion exploit
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Loads dropped DLL
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Bootkit

Hidden Files and Directories

Privilege Escalation

Defense Evasion

File Permissions Modification

Hidden Files and Directories

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Process Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitdiscoveryevasionexploitpersistence

© 2018-2024

Terms | Privacy