6588bf866e215aa89aff5f90200c2a636328ff5fdbede279145a53d2e651dc76 | Triage

Submit
Reports

Overview

overview

8

Static

static

8

6588bf866e...76.exe

windows7-x64

8

6588bf866e...76.exe

windows10-2004-x64

8

Sharing

General

Target

6588bf866e215aa89aff5f90200c2a636328ff5fdbede279145a53d2e651dc76
Size

2.1MB
Sample

221124-f4c6xsbg43
MD5

682558c06c1f58e2fed3c4454c860567
SHA1

043845b9894849f5e22e0d2793347fee34b3c4e3
SHA256

6588bf866e215aa89aff5f90200c2a636328ff5fdbede279145a53d2e651dc76
SHA512

5a6a7fc001d96ae201c778c12a107b24164c0f91db7d7f110fd27d666ebc3b6037bcc77d6880b5d79090afb41ea2f7d3fc5adfd8b1920cb9a00b31b3f0195dde
SSDEEP

49152:a++1fkqbtkftPcnUfQ2AyoIw/QmyPvY/rHVt0:BE8qbct0nC9oIwYmyPark

Score

8^/10

bootkit persistence upx vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6588bf866e215aa89aff5f90200c2a636328ff5fdbede279145a53d2e651dc76.exe

Resource

win7-20220812-en

bootkit persistence upx vmprotect

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

6588bf866e215aa89aff5f90200c2a636328ff5fdbede279145a53d2e651dc76.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  6588bf866e215aa89aff5f90200c2a636328ff5fdbede279145a53d2e651dc76
- Size
  
  2.1MB
- MD5
  
  682558c06c1f58e2fed3c4454c860567
- SHA1
  
  043845b9894849f5e22e0d2793347fee34b3c4e3
- SHA256
  
  6588bf866e215aa89aff5f90200c2a636328ff5fdbede279145a53d2e651dc76
- SHA512
  
  5a6a7fc001d96ae201c778c12a107b24164c0f91db7d7f110fd27d666ebc3b6037bcc77d6880b5d79090afb41ea2f7d3fc5adfd8b1920cb9a00b31b3f0195dde
- SSDEEP
  
  49152:a++1fkqbtkftPcnUfQ2AyoIw/QmyPvY/rHVt0:BE8qbct0nC9oIwYmyPark
Score

8^/10

bootkit persistence upx vmprotect
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistenceupxvmprotect

behavioral2

© 2018-2024

Terms | Privacy