608baaa3ec9cfdf7eebbd360828dc871e3cc53cd791bb6152c8bd6c4adbf716e | Triage

Sharing

General

Target

608baaa3ec9cfdf7eebbd360828dc871e3cc53cd791bb6152c8bd6c4adbf716e
Size

6.6MB
Sample

221125-a58fkadf9y
MD5

cecb7d3d1a9f81b75601554a70391cc1
SHA1

cc2c9c0f160f866dcc9b29341fbb2bb4eb3145d2
SHA256

608baaa3ec9cfdf7eebbd360828dc871e3cc53cd791bb6152c8bd6c4adbf716e
SHA512

ad6ad20fa6975eab6e72b470f98fe1ad7cb5397efa298480675520c5199710ed42fc6719b323b84a1b7ab1c29fd73e009083e1cf43cec1a1cf06fb0b3a44a6bb
SSDEEP

196608:DRCi+hkuLqFeJ1f1plAwXv1nPPm0Bv3/+UST0Bh/Y3Jto:Dd+hkuL9Lf1DtnmavP3E0j/YTo

Score

8^/10

bootkit persistence vmprotect

Malware Config

Targets

- Target
  
  CF͸V1.0/CF½.exe
- Size
  
  7.0MB
- MD5
  
  adf3a9d53352bfbb476698ba6af45434
- SHA1
  
  25540b88c67d61f8766f9d1284c721754f011978
- SHA256
  
  3ff1b1faae2179aeb59d3ba080110e138f25e24f66bc52bf304ec269f012d550
- SHA512
  
  adcff3fde82b1c7dec4ed4a3eeff81c4b87d3e4045746149f18858e14beec9b44c68cc4f2df7392d631f3648e8c488bbc1e05b55a21fcc3f701d68802a7999d6
- SSDEEP
  
  98304:cepGTo0F7jR9pF6vhyFkf84hSyQt9Hwq2SJPaNRb7nPdDwQVD7y:B4ZjR9yyG04hbQUSQRXnlDwQVDG
Score

8^/10

vmprotect
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  CF͸V1.0/.url
- Size
  
  149B
- MD5
  
  3356ff38ffcbcf0c2d8cd8a474414dcf
- SHA1
  
  872f2ebeba5eea4d498b3b0bc2411002697cc3ca
- SHA256
  
  86aa6a1c2cb218b88dc423a33c4bcc6fc2ae32bb48d366669710b57c71aa0eca
- SHA512
  
  6e5611bc205c0649e861a46e49685cc6c8db74626f31bdf15d01249d6bb641ae9a81e68e3460460a89fabb6a669032b6fbc8da557d979ffcb2ef315fcdfef816
Score

1^/10
behavioral3 behavioral4
- Target
  
  csla_30367.exe
- Size
  
  2.0MB
- MD5
  
  fdc89772a53b7ac5b336789ef67a0911
- SHA1
  
  5bb38ac0f1e605c6e710268d9a7bcacdc343952b
- SHA256
  
  d9bf029440c25e053980e95f54750c9f942118c19f54d411e8ded9c8a4c352f8
- SHA512
  
  7d5436780c9bc2b38a026a89b943b03e8d3031eba0f1bb356422bef25ad27f1e34f75f932db3deedcf02fd39b8f0657fbc4f9e47ea7b6be33140897c62b8bd05
- SSDEEP
  
  49152:w+q5Y63XJAqJepSwLOHE8daBY2qCWRcGT48zNq:n6Y6Jl2z6HExBPhWmGTW
Score

7^/10

bootkit persistence
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral5 behavioral6
- Target
  
  ˵.htm
- Size
  
  1KB
- MD5
  
  6782cfbe06b60dcc453cb6fe3073a9b8
- SHA1
  
  ce797c4e059c5262cbcc383f6cc8009fc17f6bbf
- SHA256
  
  6c896ec8dbec812744cdce255c28330b85fd1d30f93231bb3da62c3f36e697d2
- SHA512
  
  6c48fce6afa33290fbbe6435cee6f99bbcaac1bc3e66a1889e7c78a7b1f7607640f42d1d71ee6655bf957f92c6c14f6a40e4185de12fc2da645b5286a040716e
Score

1^/10
behavioral7 behavioral8
- Target
  
  վ.url
- Size
  
  211B
- MD5
  
  f27c2f066488db1a0704f5d6a2d182f0
- SHA1
  
  215f448636d7769fc496301c65ae87e205bebe9b
- SHA256
  
  623f997fc65cd09ec49022948a506653f4c536802f6e5dfc6af7d3bf6ac0ff00
- SHA512
  
  091ad55197826afdcebdb7dd05cc76859462f2e4d1823a341fc58489c268016d994a27712820b735d424d205734d86dcdcc837311d02d4df6c515e49c1449bb0
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

bootkitpersistence

behavioral6

bootkitpersistence

behavioral7

behavioral8

behavioral9

behavioral10