414c4a131caf7ca562679d88c15f5a02d05b147fe29d2962f4b60cf30dd4c506 | Triage

Submit
Reports

Overview

overview

8

Static

static

414c4a131c...06.exe

windows7-x64

8

414c4a131c...06.exe

windows10-2004-x64

8

Sharing

General

Target

414c4a131caf7ca562679d88c15f5a02d05b147fe29d2962f4b60cf30dd4c506
Size

7.8MB
Sample

221123-f2ft2afg3z
MD5

536ec4fb97888f9b9ed24c5de1e57731
SHA1

71f01598793c6afc5356f285faf1c59561ed07b2
SHA256

414c4a131caf7ca562679d88c15f5a02d05b147fe29d2962f4b60cf30dd4c506
SHA512

8527ea6a87dd2c246aeadf140f97ab2d681efa691b7452a30d7fd19cc9b2de2a686e96eb128cc0603c26b2fa2d982db2dbd5bbdf37c7f64fb47a91a86e6027cd
SSDEEP

196608:dI1V56+A15Gmro5P+/gMOxL4P42dotqjaoy48uMhFoTDuC:dI1H6bvGLPagrZI7ddjTdM7U

Score

8^/10

bootkit discovery evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

414c4a131caf7ca562679d88c15f5a02d05b147fe29d2962f4b60cf30dd4c506.exe

Resource

win7-20221111-en

bootkit discovery evasion persistence

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

414c4a131caf7ca562679d88c15f5a02d05b147fe29d2962f4b60cf30dd4c506.exe

Resource

win10v2004-20221111-en

bootkit discovery evasion persistence

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  414c4a131caf7ca562679d88c15f5a02d05b147fe29d2962f4b60cf30dd4c506
- Size
  
  7.8MB
- MD5
  
  536ec4fb97888f9b9ed24c5de1e57731
- SHA1
  
  71f01598793c6afc5356f285faf1c59561ed07b2
- SHA256
  
  414c4a131caf7ca562679d88c15f5a02d05b147fe29d2962f4b60cf30dd4c506
- SHA512
  
  8527ea6a87dd2c246aeadf140f97ab2d681efa691b7452a30d7fd19cc9b2de2a686e96eb128cc0603c26b2fa2d982db2dbd5bbdf37c7f64fb47a91a86e6027cd
- SSDEEP
  
  196608:dI1V56+A15Gmro5P+/gMOxL4P42dotqjaoy48uMhFoTDuC:dI1H6bvGLPagrZI7ddjTdM7U
Score

8^/10

bootkit discovery evasion persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistence

behavioral2

bootkitdiscoveryevasionpersistence

© 2018-2024

Terms | Privacy