Overview

overview

7

Static

static

7474861a84...39.exe

windows7-x64

7

7474861a84...39.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7474861a84b08d8a11092a12900011e9eefb8aa617b275a420289503d8ceaa39

  • Size

    1.4MB

  • Sample

    221124-fv871abc62

  • MD5

    b3b58316d04d7c947d1041c1268c150d

  • SHA1

    9f21e538b2a00aff4ed87ffbaf23da8285b3456f

  • SHA256

    7474861a84b08d8a11092a12900011e9eefb8aa617b275a420289503d8ceaa39

  • SHA512

    7efb64792ecfdcc8d5ecd1c76e261b3e03f86aa4f8a4a8a02ebca9356d3a9d903a550079cdfaff10af8ba5c2267f1069ce0521c0ed5ec9861a9bb4943d4760ec

  • SSDEEP

    24576:7wgANAvijIgVsRYO6rw2yKidN0dnG2SUYPudf3i3j1ji:PIQijIgCRYVrw9HdNWVpGuE3j1ji

Score
7/10
bootkitevasionpersistencetrojan

Malware Config

Targets

    • Target

      7474861a84b08d8a11092a12900011e9eefb8aa617b275a420289503d8ceaa39

    • Size

      1.4MB

    • MD5

      b3b58316d04d7c947d1041c1268c150d

    • SHA1

      9f21e538b2a00aff4ed87ffbaf23da8285b3456f

    • SHA256

      7474861a84b08d8a11092a12900011e9eefb8aa617b275a420289503d8ceaa39

    • SHA512

      7efb64792ecfdcc8d5ecd1c76e261b3e03f86aa4f8a4a8a02ebca9356d3a9d903a550079cdfaff10af8ba5c2267f1069ce0521c0ed5ec9861a9bb4943d4760ec

    • SSDEEP

      24576:7wgANAvijIgVsRYO6rw2yKidN0dnG2SUYPudf3i3j1ji:PIQijIgCRYVrw9HdNWVpGuE3j1ji

    Score
    7/10
    bootkitevasionpersistencetrojan

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Checks whether UAC is enabled

      evasiontrojan

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

1
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks