47b2b14cf7b646cc20b42eec6183a400bf92d2c685d33f974950efa3c2b7d6c3 | Triage

Sharing

General

Target

47b2b14cf7b646cc20b42eec6183a400bf92d2c685d33f974950efa3c2b7d6c3
Size

1.4MB
Sample

221125-14fbhaae78
MD5

13ff79769e59d1d5381660fa1cfb1947
SHA1

46aa00f41b64c97510b3057b8b3fcdc4aa6cdd07
SHA256

47b2b14cf7b646cc20b42eec6183a400bf92d2c685d33f974950efa3c2b7d6c3
SHA512

9871b39e83bb0c8e8a1c83a7b81bbd0f4f38d9fb38768ddf1afe4b8cd9c99345a35cbdb43cda4167fe6b9386884dab67d80a97724f6ad1dad00f8d1881f710e6
SSDEEP

24576:0LJ/pwPuvvjsv9TK6z/amyR+xBKYXL3KMkrBeozJcD/g7dkrse4H1DzfV8jqV2vM:0LjwirQ9Txz/OR+xcYuMkrwozG/guX2j

Score

8^/10

bootkit persistence upx

Malware Config

Targets

- Target
  
  ybtbbfz/libeay32.dll
- Size
  
  1.5MB
- MD5
  
  372b62290e4cdde0b17e39777bdc77b9
- SHA1
  
  7f13989dbbad9c4693d4cf77bb14457ae3f5c3a7
- SHA256
  
  ccca2fd2496d651fb79493a6bf80f936ef483d1063125a18fd30dc026ad611d4
- SHA512
  
  2a3878698a753438aec3c2ad9ed58c9fc98964b717aecd1e2751b2e049727794bebe4bc2cefc840d1a171ff95ac403850bc001e267145771ff6c13f22f474873
- SSDEEP
  
  24576:uYxqMDFXiTHQfbBRJy/lK/MvnKBwpkRcrVz2QLFm8AW+m9sR:fMyXiTH8V4K/MQi2QLFmLW39M
Score

1^/10
behavioral1 behavioral2
- Target
  
  ybtbbfz/ssleay32.dll
- Size
  
  305KB
- MD5
  
  5160c01c27902af4a101ad40f3806b2d
- SHA1
  
  15dcc5cd89cef5b5c7279945ff755cb048d2a3aa
- SHA256
  
  7758cea6ce6d26c20ffec118793d8aa46ea3e10540974169eb2f5fe55cd59d15
- SHA512
  
  0265f379078b853640845852e481a4db85975da03b49091498a669afaeecdc690e601c46ab3ff50bd30f0b68360104cfb9c87e080f163bbda1d4436268d383cd
- SSDEEP
  
  6144:yVipv1RSqPRNwmxgj2i1IqoaV/5jeK9GRtg:yV8R9LwYgjbVVCg
Score

1^/10
behavioral3 behavioral4
- Target
  
  ybtbbfz/友邦店铺宝贝下载专家.exe
- Size
  
  816KB
- MD5
  
  1ffcc03ad192293868e0f04e8c8b4ab3
- SHA1
  
  3d7e01d05a08d42cc6f3f82bda990a55301da2ab
- SHA256
  
  03a4a42faa47f2bc895a5c92cd11ddc004a5372a637908d9daf3e5a0e3a8aa58
- SHA512
  
  cff0c44a0702410c302495e5207ed33565bcdeed52e5d2a3e3ee6bfacae1f1d64037c36a61395ad42c2aa326b4c2cd8aa0446c15f40ca74a3979b8aa46ae352a
- SSDEEP
  
  24576:fG4zgGLCQP2UTucsUbx4xtxb44BnBDmon:vRCQP2N3cyzxzz
Score

8^/10

bootkit persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral5 behavioral6
- Target
  
  ybtbbfz/河源下载站-xz7.com.url
- Size
  
  202B
- MD5
  
  42ad81e65e24f2f3c0c827ef4178dfcc
- SHA1
  
  9e6ab20766e685da7e4996ac3e6319c9ac6a2ae9
- SHA256
  
  9f65596d918954fe060467b28104b881712f0a08aaae63fca067c5a3d2ac90c9
- SHA512
  
  f49281e600a251e540b0ca69caeef4ee58d604133a5c5edf27e48bf855236604babd2f6a3ceb0f822ab25a4f0e296ad54bfbb72a32dc53e3a18f72681fcf099d
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

bootkitpersistenceupx

behavioral6

bootkitpersistenceupx

behavioral7

behavioral8