abee76ecd282b812c7e052adc1ffa6ab91c8492fc00ae46c31e22c5a1bbeb9cf | Triage

Submit
Reports

Overview

overview

8

Static

static

1

abee76ecd2...cf.exe

windows7-x64

8

abee76ecd2...cf.exe

windows10-2004-x64

8

Sharing

General

Target

abee76ecd282b812c7e052adc1ffa6ab91c8492fc00ae46c31e22c5a1bbeb9cf
Size

309KB
Sample

221124-ej488sfg64
MD5

867f1fdfc0c1dc2124555c120314ba71
SHA1

d3a4696f8c05002a4acba5d08b9da952a0d38550
SHA256

abee76ecd282b812c7e052adc1ffa6ab91c8492fc00ae46c31e22c5a1bbeb9cf
SHA512

6e92c0959393641882c428a31ac9e5609e17efcbfca4d222751335b5715403d22d3667902a7a93560f2c8070cd87eecb8ce1b5f98d32e46d8dc66383ff8d3d69
SSDEEP

6144:bOPjmod870Aa5Xh289/xhYzV1lL9wVdthjZj5Rjs1ID7XoJjBmb9xdemMrM:EruvaxhjI7jeVZtRgSXmBK8mMA

Score

8^/10

bootkit discovery persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

abee76ecd282b812c7e052adc1ffa6ab91c8492fc00ae46c31e22c5a1bbeb9cf.exe

Resource

win7-20221111-en

bootkit discovery persistence upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

abee76ecd282b812c7e052adc1ffa6ab91c8492fc00ae46c31e22c5a1bbeb9cf.exe

Resource

win10v2004-20221111-en

bootkit discovery persistence upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  abee76ecd282b812c7e052adc1ffa6ab91c8492fc00ae46c31e22c5a1bbeb9cf
- Size
  
  309KB
- MD5
  
  867f1fdfc0c1dc2124555c120314ba71
- SHA1
  
  d3a4696f8c05002a4acba5d08b9da952a0d38550
- SHA256
  
  abee76ecd282b812c7e052adc1ffa6ab91c8492fc00ae46c31e22c5a1bbeb9cf
- SHA512
  
  6e92c0959393641882c428a31ac9e5609e17efcbfca4d222751335b5715403d22d3667902a7a93560f2c8070cd87eecb8ce1b5f98d32e46d8dc66383ff8d3d69
- SSDEEP
  
  6144:bOPjmod870Aa5Xh289/xhYzV1lL9wVdthjZj5Rjs1ID7XoJjBmb9xdemMrM:EruvaxhjI7jeVZtRgSXmBK8mMA
Score

8^/10

bootkit discovery persistence upx
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistenceupx

behavioral2

bootkitdiscoverypersistenceupx

© 2018-2024

Terms | Privacy