3a9a6b9dce64599aada8af8d84794e16b55208a6c41cf417511b5443033c8b16 | Triage

Sharing

General

Target

3a9a6b9dce64599aada8af8d84794e16b55208a6c41cf417511b5443033c8b16
Size

346KB
Sample

221125-17vwcsah69
MD5

9b962efb10b9cadb4afd7b87de301628
SHA1

c3286d09dedaf7ad86b0da0d155b2ae78ed5f750
SHA256

3a9a6b9dce64599aada8af8d84794e16b55208a6c41cf417511b5443033c8b16
SHA512

4ace3fe0d3ceb134b14d62da3f4a5ecc371574598c9643fc51cc0fe0ac63835c1a4840236dcf422b87f941ad9681b9569d740fd7cfa4ec4ee681aec1f5f0b32e
SSDEEP

6144:eAYCYJ5leFYs1fpEOX34IKfXjK5c8HBgmBLCWh1fBIwPdAlS3jGlR9qNqgt8bbgO:eAYLBeFv1fpN4I8X+jBRLCWHfBhaUj+J

Score

8^/10

bootkit evasion persistence trojan upx

Malware Config

Targets

- Target
  
  qtpindaomoniqi/JZ5Uɫվ.url
- Size
  
  111B
- MD5
  
  3e8d917d0d10210cd051d7c251bcb9d9
- SHA1
  
  92bd693746a70ebf302b1f30afbebe1e3d6f4a37
- SHA256
  
  026cee18a5e42425585a1a324fe0894be7cb2fcb1869310ad2a38b73f96e89ef
- SHA512
  
  f676fdeb3cb04db79075adb3e5957dc1722d71a6f7edd03f7cb28b3cce60183e52e952f30c74184799350f0963da5ed8b9b69dfee85eaed49dc724c38985176b
Score

1^/10
behavioral1 behavioral2
- Target
  
  qtpindaomoniqi/qtƵv1.0.exe
- Size
  
  357KB
- MD5
  
  27977ed91436414661d00c1de0b6da26
- SHA1
  
  f27b3928df5ecfb87ba0ea8ed7f6e9db660a215c
- SHA256
  
  978d822ab83664974cabc8ec2359bbec744f544cbcc606658ae0b9ec0d9645d5
- SHA512
  
  fd40935f0cde968d2c956620cc3febe4a4afa33b74508fbfd1044c41e62710ddd2df078762d8148a6e15cafb2542e53e3e0fc82144ea2aca10c342e85959d413
- SSDEEP
  
  6144:iHm1aFYs1fpECX34IofXFK5c8HBgEBLCch1fBIwPdAtS3jilR9qNYgt8PFoSpi:PIFv1fp74I2XMjB1LCcHfBhaMjiR9qNU
Score

8^/10

bootkit evasion persistence trojan upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral3 behavioral4
- Target
  
  qtpindaomoniqi/ʹñض.url
- Size
  
  112B
- MD5
  
  b72fb6817f28cc91c35322b3c9864a12
- SHA1
  
  f075eca15246bc681083f3580b6224d43c02506b
- SHA256
  
  e6a86be0cd8f1c493fdb1b9e841255fd36fd12cde26dd2054003603469f08a76
- SHA512
  
  672e0794f73c6210558bad9a985c893704d82d4a203a394ed896c132c8d52ae9a32256c8456d29863e35e35b339b57d55835487c6cf37837e6cd3f5b4cf63b8c
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

bootkitevasionpersistencetrojanupx

behavioral4

bootkitevasionpersistencetrojanupx

behavioral5

behavioral6