97f3487098e00bba3870e77477b11208e479d943e5b9a9bbc9756aafe5534a98 | Triage

Submit
Reports

Overview

overview

9

Static

static

97f3487098...98.exe

windows7-x64

9

97f3487098...98.exe

windows10-2004-x64

9

Sharing

General

Target

97f3487098e00bba3870e77477b11208e479d943e5b9a9bbc9756aafe5534a98
Size

1.5MB
Sample

221123-zejf7acf58
MD5

f0c20f9bc97146763958f6b9e3e34324
SHA1

336c082cc709732c215837207c030ea3486cedcf
SHA256

97f3487098e00bba3870e77477b11208e479d943e5b9a9bbc9756aafe5534a98
SHA512

0c65c377c3a92f96308b759b056fca07f1462c5a8d2f89252fe409e8d7acec990d8b9b468d001da06c44d866f28d762fb6039f06fe0d7404c87b577ffc65af87
SSDEEP

24576:mpISl+AqWY0Hc73EcYObe4eyivXOZC86Jt5HKLtQYVbOELchRI5l6y9B+:2cfG873EHOb/eBcC86JTHKxNVSN45l6t

Score

9^/10

bootkit evasion persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

97f3487098e00bba3870e77477b11208e479d943e5b9a9bbc9756aafe5534a98.exe

Resource

win7-20220812-en

bootkit evasion persistence upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

97f3487098e00bba3870e77477b11208e479d943e5b9a9bbc9756aafe5534a98.exe

Resource

win10v2004-20220901-en

bootkit evasion persistence upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  97f3487098e00bba3870e77477b11208e479d943e5b9a9bbc9756aafe5534a98
- Size
  
  1.5MB
- MD5
  
  f0c20f9bc97146763958f6b9e3e34324
- SHA1
  
  336c082cc709732c215837207c030ea3486cedcf
- SHA256
  
  97f3487098e00bba3870e77477b11208e479d943e5b9a9bbc9756aafe5534a98
- SHA512
  
  0c65c377c3a92f96308b759b056fca07f1462c5a8d2f89252fe409e8d7acec990d8b9b468d001da06c44d866f28d762fb6039f06fe0d7404c87b577ffc65af87
- SSDEEP
  
  24576:mpISl+AqWY0Hc73EcYObe4eyivXOZC86Jt5HKLtQYVbOELchRI5l6y9B+:2cfG873EHOb/eBcC86JTHKxNVSN45l6t
Score

9^/10

bootkit evasion persistence upx
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitevasionpersistenceupx

behavioral2

bootkitevasionpersistenceupx

© 2018-2024

Terms | Privacy