6af1df80b7cdcafb966cf1486a9d3cb098769cb59a58b42e097ea9742691df5b | Triage

Submit
Reports

Overview

overview

8

Static

static

6af1df80b7...5b.exe

windows7-x64

8

6af1df80b7...5b.exe

windows10-2004-x64

8

Sharing

General

Target

6af1df80b7cdcafb966cf1486a9d3cb098769cb59a58b42e097ea9742691df5b
Size

471KB
Sample

221127-ta6g9sdd8x
MD5

25892ea00e7495810a766fbe47b70c94
SHA1

6b5e9174d9416a9cf9d9df9fb427d307fb504cfa
SHA256

6af1df80b7cdcafb966cf1486a9d3cb098769cb59a58b42e097ea9742691df5b
SHA512

b9335ce8ffcb79454b8c199b9c4e7a89b955d9f4eafa85715c183dd0ff2acec4ff881ec57811ed5ff28d284c301846515b7ab75deaa004607e998f1befdfa833
SSDEEP

12288:NRI+MKzQ6ryInvu23sQZtHW1K3Dnsvm6DrY7M:TIQQ6ryInGqsQZtHW4DsbnYw

Score

8^/10

bootkit discovery persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

6af1df80b7cdcafb966cf1486a9d3cb098769cb59a58b42e097ea9742691df5b.exe

Resource

win7-20220812-en

bootkit discovery persistence upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

6af1df80b7cdcafb966cf1486a9d3cb098769cb59a58b42e097ea9742691df5b.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  6af1df80b7cdcafb966cf1486a9d3cb098769cb59a58b42e097ea9742691df5b
- Size
  
  471KB
- MD5
  
  25892ea00e7495810a766fbe47b70c94
- SHA1
  
  6b5e9174d9416a9cf9d9df9fb427d307fb504cfa
- SHA256
  
  6af1df80b7cdcafb966cf1486a9d3cb098769cb59a58b42e097ea9742691df5b
- SHA512
  
  b9335ce8ffcb79454b8c199b9c4e7a89b955d9f4eafa85715c183dd0ff2acec4ff881ec57811ed5ff28d284c301846515b7ab75deaa004607e998f1befdfa833
- SSDEEP
  
  12288:NRI+MKzQ6ryInvu23sQZtHW1K3Dnsvm6DrY7M:TIQQ6ryInGqsQZtHW4DsbnYw
Score

8^/10

bootkit discovery persistence upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistenceupx

behavioral2

© 2018-2024

Terms | Privacy