76816732db8051f52654c9969f4b6d028b8a8ab327fe79c26653e86d43ace11d | Triage

Submit
Reports

Overview

overview

9

Static

static

76816732db...1d.exe

windows7-x64

9

76816732db...1d.exe

windows10-2004-x64

9

Sharing

General

Target

76816732db8051f52654c9969f4b6d028b8a8ab327fe79c26653e86d43ace11d
Size

1.8MB
Sample

221201-dsgzmaaa99
MD5

0dffd34640eb0bf4a199ee3ed018ae52
SHA1

fd381c88c26c51e6a5a313a9b83b9d185e6f86f9
SHA256

76816732db8051f52654c9969f4b6d028b8a8ab327fe79c26653e86d43ace11d
SHA512

4eaa7678c80fcc3779ed07e4f27f0a42630c98e1727850fabd547be395a5d2ae2e40350a3db445934f79e059eff660f160d9f649521edb5cc5f0d72e896d002a
SSDEEP

24576:3B/E0QwpHP5IX2Zfxh5sVuRmG4WLKPBHmOnrRbPqnpMd5itymGqEFNIjsgW:R/d9pvxMuR4WwH5rhOpeUtRELIog

Score

9^/10

bootkit evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

76816732db8051f52654c9969f4b6d028b8a8ab327fe79c26653e86d43ace11d.exe

Resource

win7-20221111-en

bootkit evasion persistence

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

76816732db8051f52654c9969f4b6d028b8a8ab327fe79c26653e86d43ace11d.exe

Resource

win10v2004-20220901-en

bootkit evasion persistence

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  76816732db8051f52654c9969f4b6d028b8a8ab327fe79c26653e86d43ace11d
- Size
  
  1.8MB
- MD5
  
  0dffd34640eb0bf4a199ee3ed018ae52
- SHA1
  
  fd381c88c26c51e6a5a313a9b83b9d185e6f86f9
- SHA256
  
  76816732db8051f52654c9969f4b6d028b8a8ab327fe79c26653e86d43ace11d
- SHA512
  
  4eaa7678c80fcc3779ed07e4f27f0a42630c98e1727850fabd547be395a5d2ae2e40350a3db445934f79e059eff660f160d9f649521edb5cc5f0d72e896d002a
- SSDEEP
  
  24576:3B/E0QwpHP5IX2Zfxh5sVuRmG4WLKPBHmOnrRbPqnpMd5itymGqEFNIjsgW:R/d9pvxMuR4WwH5rhOpeUtRELIog
Score

9^/10

bootkit evasion persistence
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistence

behavioral2

bootkitevasionpersistence

© 2018-2025

Terms | Privacy