f049944b5e95457a5d8028ea49104e8777519061756226a07f7f671dc0d9820e | Triage

Sharing

General

Target

f049944b5e95457a5d8028ea49104e8777519061756226a07f7f671dc0d9820e
Size

4.1MB
Sample

221124-pzwbdahc7t
MD5

9f2767adfece33af4eeca8eca2768143
SHA1

6663f3e5a632f9f24903be95b478e4b9b45233c3
SHA256

f049944b5e95457a5d8028ea49104e8777519061756226a07f7f671dc0d9820e
SHA512

0ebdba18aa32bb3acb616f952c4c94b222d9b156a8e56349cb4cfe93f0cc8ad1b430a208303d9c72e0dbdfa07d9cb50cd7fc1ef89f9da0dadac4bad5e66b4959
SSDEEP

98304:y/cABScWf7ubPULCVlThbL9pswliofqh36iy+xTVnJDGfYZ2mUs0:y/cABGQ51sKqcoVnMAPM

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  xeogp_30340.exe
- Size
  
  1.9MB
- MD5
  
  3fa87385441b44221f407d4235b7c4de
- SHA1
  
  14b3369ca3c0c23736f4ecacb14582091f98a8c4
- SHA256
  
  6a5fb367f94fcf89add5b223fa9acf48c0ed8cf59cef2c861b73a185dfee7e44
- SHA512
  
  1ee134fad0bdbcc88ec1c71fdd003175cd4f35c70a5a0075fc3bb6da75a9abfc43d13138831dc0c8cc0f3dea1a06bb63a3410617a8cf1b232e7aecd3109375d3
- SSDEEP
  
  49152:O2y6li4Yy7G+OZ3rg7+SPIH4k9dNprVnN2+MRyZZtUAuPmfkK:jy6liyjOZ3W+yIXpVnN/MRQZ6AUen
Score

7^/10

bootkit persistence
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  炫音4.9.19【炫音三代】.exe
- Size
  
  2.3MB
- MD5
  
  7f112c51a8d3900256e7d82ccf999a74
- SHA1
  
  94410f93599403e1f714cb1ed71b65ddfc55cfb0
- SHA256
  
  6474baea2533685d49b964ca61e3c17990fcacba8d57f89bd48406cea77b866c
- SHA512
  
  31189ed5b20342ac88e444580db70796a3977e7f8017a818806f69712c34cb70ad40c2eeb02bf6bc53818ee51e38a0fe0846af07250e503a7f09f9e6ea8bbb16
- SSDEEP
  
  49152:K8+O4MerYJ+xmkedCGacWfpdUcCggFQOZeGnBphpXh+q4A:9rEidQcWfpuVHK3oBXRh+q4
Score

1^/10
behavioral3 behavioral4
- Target
  
  炫音最新版下载-炫舞炫音最新版下载4.9.19 免费版_ 西西软件下载.url
- Size
  
  62B
- MD5
  
  0db9c3f9627d463f8b85b6080f6fcaed
- SHA1
  
  78453ba41ca48ce9bd20dd06bbe6695502ced191
- SHA256
  
  2212f01a954b7985bf559cee30c7e77d34acd25a87beb899942c41543beb9997
- SHA512
  
  c1e6a6afd638c4a25dc95faefef4ba855b1414e430bd7483e7aef4e59e08933e32177b2173f3eb33a9aac2f75938955ffbd34583b04bebc33d8179ed33461dec
Score

1^/10
behavioral5 behavioral6
- Target
  
  西西软件园.url
- Size
  
  76B
- MD5
  
  4157fe13cdc042aa78a053c935860167
- SHA1
  
  a9451c0873091180e39b91dd9fa495f6f63107d6
- SHA256
  
  0f5d6a7f5fc34c95f974274c5c122dcf01e5f3ee376d7851d2254e76f5e4cfeb
- SHA512
  
  27534695dfa008a5c87cef84224c76b0c6705da566325940809d1fd8bac5c5b13cabeca7516e62666f2982dddb26eb5343e7d4af3f30cc9371e9e988b3ad41f6
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8