7e1b4d9b1ade77c0668bcd31747dbfccbb31fc3aeaaeb8cf3746503c0a00aa15 | Triage

Submit
Reports

Overview

overview

Static

static

1

7e1b4d9b1a...15.exe

windows7-x64

7e1b4d9b1a...15.exe

windows10-2004-x64

Sharing

General

Target

7e1b4d9b1ade77c0668bcd31747dbfccbb31fc3aeaaeb8cf3746503c0a00aa15
Size

1.0MB
Sample

221128-flj7hsga86
MD5

98a5b553e34db02f6f215efa9ae4aebc
SHA1

491a670171260a41a07d5aaf148bdfd79cac9e1e
SHA256

7e1b4d9b1ade77c0668bcd31747dbfccbb31fc3aeaaeb8cf3746503c0a00aa15
SHA512

eb77474c20287cde26ff73f6317f97e2488c7a1f45812e40713d3b9a94211b6b616af80db8151c2391db65bd38dd5b6ace5ad19c43ac5e632a699ec8324c7c8f
SSDEEP

24576:pvaxKxyGK866BtISV4SoZzg6UPraoSpT95vBjWRo5elAH7J:pvmGliSWJg6UP+oEbBKoYlAH7J

Score

10^/10

bootkit discovery persistence phishing upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7e1b4d9b1ade77c0668bcd31747dbfccbb31fc3aeaaeb8cf3746503c0a00aa15.exe

Resource

win7-20220812-en

bootkit discovery persistence phishing upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

7e1b4d9b1ade77c0668bcd31747dbfccbb31fc3aeaaeb8cf3746503c0a00aa15.exe

Resource

win10v2004-20220812-en

bootkit persistence phishing upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  7e1b4d9b1ade77c0668bcd31747dbfccbb31fc3aeaaeb8cf3746503c0a00aa15
- Size
  
  1.0MB
- MD5
  
  98a5b553e34db02f6f215efa9ae4aebc
- SHA1
  
  491a670171260a41a07d5aaf148bdfd79cac9e1e
- SHA256
  
  7e1b4d9b1ade77c0668bcd31747dbfccbb31fc3aeaaeb8cf3746503c0a00aa15
- SHA512
  
  eb77474c20287cde26ff73f6317f97e2488c7a1f45812e40713d3b9a94211b6b616af80db8151c2391db65bd38dd5b6ace5ad19c43ac5e632a699ec8324c7c8f
- SSDEEP
  
  24576:pvaxKxyGK866BtISV4SoZzg6UPraoSpT95vBjWRo5elAH7J:pvmGliSWJg6UP+oEbBKoYlAH7J
Score

10^/10

bootkit discovery persistence phishing upx
- Detected phishing page
  phishing
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistencephishingupx

behavioral2

bootkitpersistencephishingupx

© 2018-2024

Terms | Privacy