12c0b1a6be0b09f1f8639d5200f1a1498cb7917110630f6cf2ec13a88898c770 | Triage

Sharing

General

Target

12c0b1a6be0b09f1f8639d5200f1a1498cb7917110630f6cf2ec13a88898c770
Size

914KB
Sample

221123-zayqbafd8w
MD5

7ddc9aee1acdc3d724cd23f2e9908c25
SHA1

eb89bcdcaa3cb72b02883eab5afc047bdfb72fab
SHA256

12c0b1a6be0b09f1f8639d5200f1a1498cb7917110630f6cf2ec13a88898c770
SHA512

74df5983de289935505c370411c53775ce5b2560eddf0ff1a4d7da024eb2cc32acefc4cab002074d2ce45a82bde6940f77eff07cfdb870f5a1780aa1e7b01dc9
SSDEEP

12288:8yxH1k5Z2/W/AjMdJ8s+GLbdjCEiHOkcigDj+1NAzljkNwH0OMmcMyZOnbZSD:JVcerjktFttipqj+8ljyW0OMm4ZabU

Score

8^/10

bootkit persistence vmprotect

Malware Config

Targets

- Target
  
  12c0b1a6be0b09f1f8639d5200f1a1498cb7917110630f6cf2ec13a88898c770
- Size
  
  914KB
- MD5
  
  7ddc9aee1acdc3d724cd23f2e9908c25
- SHA1
  
  eb89bcdcaa3cb72b02883eab5afc047bdfb72fab
- SHA256
  
  12c0b1a6be0b09f1f8639d5200f1a1498cb7917110630f6cf2ec13a88898c770
- SHA512
  
  74df5983de289935505c370411c53775ce5b2560eddf0ff1a4d7da024eb2cc32acefc4cab002074d2ce45a82bde6940f77eff07cfdb870f5a1780aa1e7b01dc9
- SSDEEP
  
  12288:8yxH1k5Z2/W/AjMdJ8s+GLbdjCEiHOkcigDj+1NAzljkNwH0OMmcMyZOnbZSD:JVcerjktFttipqj+8ljyW0OMm4ZabU
Score

8^/10

bootkit persistence vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistencevmprotect

behavioral2

bootkitpersistence