ae0ce326a2bb42d4b4841ae68b4e9e3a90c55a7dcf5d61665538f6c157a6b7ae | Triage

Submit
Reports

Overview

overview

9

Static

static

8

ae0ce326a2...ae.exe

windows7-x64

9

ae0ce326a2...ae.exe

windows10-2004-x64

8

Sharing

General

Target

ae0ce326a2bb42d4b4841ae68b4e9e3a90c55a7dcf5d61665538f6c157a6b7ae
Size

6.4MB
Sample

221126-ka6nlahf6z
MD5

e1e2d47aa65335fa2f4afc3cb080d91a
SHA1

0aa097e3cbb9dc3f250fb91c6418ed1cd310aa21
SHA256

ae0ce326a2bb42d4b4841ae68b4e9e3a90c55a7dcf5d61665538f6c157a6b7ae
SHA512

8f7794f2678704e3ac2637e960dc295b3e06c0487d12db44f9ebfcd58e0f3901fe3471df593fabe69f1b667ec8a8bfcf9102cec0dfb88e4340ca74bd431be554
SSDEEP

98304:/SipA1YsrGQtIsBYpoc6cKu+y1FlSv0ibuhaXhK6UzoK4/V:qxOsSWIFj+u8Apy/V

Score

9^/10

bootkit evasion persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ae0ce326a2bb42d4b4841ae68b4e9e3a90c55a7dcf5d61665538f6c157a6b7ae.exe

Resource

win7-20220812-en

bootkit evasion persistence upx

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

ae0ce326a2bb42d4b4841ae68b4e9e3a90c55a7dcf5d61665538f6c157a6b7ae.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  ae0ce326a2bb42d4b4841ae68b4e9e3a90c55a7dcf5d61665538f6c157a6b7ae
- Size
  
  6.4MB
- MD5
  
  e1e2d47aa65335fa2f4afc3cb080d91a
- SHA1
  
  0aa097e3cbb9dc3f250fb91c6418ed1cd310aa21
- SHA256
  
  ae0ce326a2bb42d4b4841ae68b4e9e3a90c55a7dcf5d61665538f6c157a6b7ae
- SHA512
  
  8f7794f2678704e3ac2637e960dc295b3e06c0487d12db44f9ebfcd58e0f3901fe3471df593fabe69f1b667ec8a8bfcf9102cec0dfb88e4340ca74bd431be554
- SSDEEP
  
  98304:/SipA1YsrGQtIsBYpoc6cKu+y1FlSv0ibuhaXhK6UzoK4/V:qxOsSWIFj+u8Apy/V
Score

9^/10

bootkit evasion persistence upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Creates new service(s)
  persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Stops running service(s)
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Bootkit

Privilege Escalation

New Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

bootkitevasionpersistenceupx

behavioral2

© 2018-2024

Terms | Privacy