Overview

overview

9

Static

static

9

ͻ�...PI.dll

windows7-x64

6

ͻ�...PI.dll

windows10-2004-x64

6

ͻ�...dx.dll

windows7-x64

1

ͻ�...dx.dll

windows10-2004-x64

8

ͻ�...dt.dll

windows7-x64

1

ͻ�...dt.dll

windows10-2004-x64

1

ͻ�...��.exe

windows7-x64

8

ͻ�...��.exe

windows10-2004-x64

8

ͻ�...�1.exe

windows7-x64

8

ͻ�...�1.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5263af4be4f2250238b25131da6444ba1b6c6ec611833f868c10c14c90350300

  • Size

    5.0MB

  • Sample

    221126-zfcp2aga7y

  • MD5

    4e66d69053919c276ef6461bfdb77a80

  • SHA1

    17fc264890adf3e33e146f6f457b2a05cba89cfe

  • SHA256

    5263af4be4f2250238b25131da6444ba1b6c6ec611833f868c10c14c90350300

  • SHA512

    4a56179fac443f9f71e1de7b5b03412239028a97f0440504ee2744ca10bc331653336cb7a19360c5943799ce82a0cf1b0713021a2fc9083fce8d9649b5e59539

  • SSDEEP

    98304:KERFJHuWDTsX57CEWIvhLelfI9v0xNeFhVGCUun+qhWpKMpUaEQeSTHGn:xulCEWQh+8v0xN6hVGo50LpUQe0mn

Score
9/10
bootkitpersistenceupxvmprotect

Malware Config

Targets

    • Target

      ͻ/CrackCaptchaAPI.dll

    • Size

      1.3MB

    • MD5

      29ff953afe3790cf0b67b8d7d7359dc4

    • SHA1

      e0d6d09a305c3e429cc6f28bcb7a2d46bc58a299

    • SHA256

      41498e1701a06b8b3553c4f1ee5553bb5418263fc49aff93e967bb1f2dffb457

    • SHA512

      2e886d8167ef6539bd9a4cda4bb6e1e893bf174be42d57c936c31f8762945915ae369d93ba83ae40697db458da8c4933b6ada854613f258531d59d4ef58c4466

    • SSDEEP

      24576:F8ap11IEYUuMhjKyxfE8V4tjBG8fE24B/G1ExYOnxqFqCxQf+6Q/oGTsZUf:F8hUrJ4tjPE2cxgKf6/dT8Uf

    Score
    6/10
    bootkitpersistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

    • Target

      ͻ/rgfdx.dll

    • Size

      804KB

    • MD5

      c578b6820bda5689940560147c6e5ffc

    • SHA1

      922e50d89c9c44bdc205ef17aa57212b64e58852

    • SHA256

      3b6ddc32b800a18b21a819e842cbfdd57cb065fd92cc69545e0ef29b97cfd389

    • SHA512

      9f2a1bb5788ad245242d12968bbf198af2694a87c6e2342f14672e8c14e8489dd3319434592fc9b20f620557d0fa58482903d19c7f5ba32456a1e4076dc1bb85

    • SSDEEP

      24576:3rhlxaCsVb6KoTpZCFg6DTk1F2RjkjCQG:VWCsVb6KUpZ+hDg1F2d6

    Score
    8/10
    upx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral3behavioral4

    • Target

      ͻ/sydt.dll

    • Size

      284KB

    • MD5

      666acb3df5d04ce0419cdd9c5ebdc631

    • SHA1

      241777232ddf807d585c529e1a800d28a83982fb

    • SHA256

      2dc60ed0879bded846abaef9d4ae9b98cc46018e191741c9bca356cd327dec7d

    • SHA512

      4a25f3a35c5d216e1aeba8019576560e27c82c1b6be551214014587097397f7c3bdb4b3cc17b7a2875bd9f0c128441fd1a228a34f923690366508161670ee732

    • SSDEEP

      6144:TD+mEXGo5bTcEk7JX7hI0gXmQ/6+3MydtJ:n4Go58Ek7p7xQmGJ

    Score
    1/10
    behavioral5behavioral6

    • Target

      ͻ/ͻ.exe

    • Size

      1.7MB

    • MD5

      6db57c90bfe524b2d51a3d683d0fb243

    • SHA1

      645bca4f3366f0f9ee3c8a7193775fee890ddb01

    • SHA256

      6f9b54c79ecb40033d31383dafc624ef38c9bcf9d3a510a618ee13675826df69

    • SHA512

      bbe3ed5b6c10a0e48b2d60a6b703642374c74fbc4dc1d9960b428bfcc54b519ec9a4535888999304abf6c9a2cfb0752f0938ec297d7810efc452b05d6d3be403

    • SSDEEP

      49152:md87m0YGyhuCw/coKs16GwbnUfEYKd4u35ea/vydqx8nv5fXALgJo:z7LYeUoKs16zn9YKdl35ea/vydO8nvRk

    Score
    8/10
    bootkitpersistenceupxvmprotect

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral7behavioral8

    • Target

      ͻ/ͻ1.exe

    • Size

      2.7MB

    • MD5

      405ce52ed5977b753e4d3262d9bc6116

    • SHA1

      52afe341292dbf56a33de35938dd141084892726

    • SHA256

      36a11c9a02418abaf679da0632c084b0855e0f419ff402416ba3b6f65273fd37

    • SHA512

      2cdbc0e2b680cd024cb454f3dcda3af16895d110c145fbdd3fb2b0e8b2034c08326e6279a559ddb49635c81d5355820be1a27bb450916a478af03acce906a76b

    • SSDEEP

      49152:pjEAuVU9p3Cb03IFTtyp6ano1RYsj4Eh5SLimp:lEAsULCb03Bp6FYskEhi

    Score
    8/10
    bootkitpersistenceupxvmprotect

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral10behavioral9

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

3
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks