21c2c30c48d5b31c6c099bae2b05e7c70adfc14013c20aa70fb59d4c2467fa17 | Triage

Submit
Reports

Overview

overview

8

Static

static

8

21c2c30c48...17.exe

windows7-x64

8

21c2c30c48...17.exe

windows10-2004-x64

8

Sharing

General

Target

21c2c30c48d5b31c6c099bae2b05e7c70adfc14013c20aa70fb59d4c2467fa17
Size

6.5MB
Sample

221125-n1wsvseg47
MD5

d652aa08893d8b839d51138915e89b59
SHA1

01ebef88b41abd70da8931ab76d277991f55ce25
SHA256

21c2c30c48d5b31c6c099bae2b05e7c70adfc14013c20aa70fb59d4c2467fa17
SHA512

365d230c49b4fa716fd6fb2f62d9c9251b5b1058aae13d8c701528071ae30051267b7c5898e5c226796c9d40c0ede390b4880d03136daa3fc487324582d9f1d3
SSDEEP

196608:iQ9w3ns9qy0LDPmhQmXAR3KaNDlrf/m7j4TZfEe:Pw32p0LjqQm6KmJ/m7j42

Score

8^/10

bootkit persistence upx vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

21c2c30c48d5b31c6c099bae2b05e7c70adfc14013c20aa70fb59d4c2467fa17.exe

Resource

win7-20220901-en

bootkit persistence upx vmprotect

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

21c2c30c48d5b31c6c099bae2b05e7c70adfc14013c20aa70fb59d4c2467fa17.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  21c2c30c48d5b31c6c099bae2b05e7c70adfc14013c20aa70fb59d4c2467fa17
- Size
  
  6.5MB
- MD5
  
  d652aa08893d8b839d51138915e89b59
- SHA1
  
  01ebef88b41abd70da8931ab76d277991f55ce25
- SHA256
  
  21c2c30c48d5b31c6c099bae2b05e7c70adfc14013c20aa70fb59d4c2467fa17
- SHA512
  
  365d230c49b4fa716fd6fb2f62d9c9251b5b1058aae13d8c701528071ae30051267b7c5898e5c226796c9d40c0ede390b4880d03136daa3fc487324582d9f1d3
- SSDEEP
  
  196608:iQ9w3ns9qy0LDPmhQmXAR3KaNDlrf/m7j4TZfEe:Pw32p0LjqQm6KmJ/m7j42
Score

8^/10

bootkit persistence upx vmprotect
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistenceupxvmprotect

behavioral2

© 2018-2024

Terms | Privacy