549f05d9c10be5e43c6b2eb0a370b048ccf98a0a1f05f02280b541f20aa7304e | Triage

Submit
Reports

Overview

overview

8

Static

static

549f05d9c1...4e.exe

windows7-x64

8

549f05d9c1...4e.exe

windows10-2004-x64

8

Sharing

General

Target

549f05d9c10be5e43c6b2eb0a370b048ccf98a0a1f05f02280b541f20aa7304e
Size

31.5MB
Sample

221128-sfa3wacb65
MD5

825c74709ea3d2f5f19ba58f4d995cba
SHA1

d43f1c0983f212ea808fa73b2921b5c0fb0ac42a
SHA256

549f05d9c10be5e43c6b2eb0a370b048ccf98a0a1f05f02280b541f20aa7304e
SHA512

ffa696d104047ff9243b1aa4179f8c3762615e33cb7eadf5e9b439e5263dda458227a0a12437810383a80961f745f78e64b4985aa67c65ef7fcd82cde447c063
SSDEEP

786432:haXj+hzDp2e6W3dJzZji9iRKpL+f3WmB3f0AUKX:haz+jvX3bzZjUL+Pr3fhD

Score

8^/10

bootkit discovery evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

549f05d9c10be5e43c6b2eb0a370b048ccf98a0a1f05f02280b541f20aa7304e.exe

Resource

win7-20220812-en

bootkit discovery evasion persistence

windows7-x64

24 signatures

150 seconds

Behavioral task

behavioral2

Sample

549f05d9c10be5e43c6b2eb0a370b048ccf98a0a1f05f02280b541f20aa7304e.exe

Resource

win10v2004-20220901-en

bootkit discovery evasion persistence

windows10-2004-x64

25 signatures

150 seconds

Malware Config

Targets

- Target
  
  549f05d9c10be5e43c6b2eb0a370b048ccf98a0a1f05f02280b541f20aa7304e
- Size
  
  31.5MB
- MD5
  
  825c74709ea3d2f5f19ba58f4d995cba
- SHA1
  
  d43f1c0983f212ea808fa73b2921b5c0fb0ac42a
- SHA256
  
  549f05d9c10be5e43c6b2eb0a370b048ccf98a0a1f05f02280b541f20aa7304e
- SHA512
  
  ffa696d104047ff9243b1aa4179f8c3762615e33cb7eadf5e9b439e5263dda458227a0a12437810383a80961f745f78e64b4985aa67c65ef7fcd82cde447c063
- SSDEEP
  
  786432:haXj+hzDp2e6W3dJzZji9iRKpL+f3WmB3f0AUKX:haz+jvX3bzZjUL+Pr3fhD
Score

8^/10

bootkit discovery evasion persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Registers COM server for autorun
  persistence
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistence

behavioral2

bootkitdiscoveryevasionpersistence

© 2018-2024

Terms | Privacy