cd8fdc43e7b00d9bd34d4f6fb477e66968b302692e8ccf040e6f180620ac5c19 | Triage

Submit
Reports

Overview

overview

8

Static

static

cd8fdc43e7...19.exe

windows7-x64

8

cd8fdc43e7...19.exe

windows10-2004-x64

7

Sharing

General

Target

cd8fdc43e7b00d9bd34d4f6fb477e66968b302692e8ccf040e6f180620ac5c19
Size

1.2MB
Sample

221201-v2hqysfa5v
MD5

22fde0753062a2e7921d59fe64d6f7cc
SHA1

c6f1d83d64cfa541ea907d527bc79c698d337643
SHA256

cd8fdc43e7b00d9bd34d4f6fb477e66968b302692e8ccf040e6f180620ac5c19
SHA512

a1e024571711dab2ca9eb33f9b8371eb277cd1b708668c6b7c87ed41beec640151f2b1f775b640ec8139b598c4b298fe5bae2d2b4253142fe7fdec3f2e2aaf04
SSDEEP

24576:LDFq/8wVCMozowl4as1Y+zijEJq95/T+f8hDZ9VMMwsR+jlL79VJoLwl/Q:LDFq/8KC1TUY+ziwq9ty0hDHVqJjB9Q/

Score

8^/10

bootkit evasion persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

cd8fdc43e7b00d9bd34d4f6fb477e66968b302692e8ccf040e6f180620ac5c19.exe

Resource

win7-20221111-en

bootkit evasion persistence trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

cd8fdc43e7b00d9bd34d4f6fb477e66968b302692e8ccf040e6f180620ac5c19.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  cd8fdc43e7b00d9bd34d4f6fb477e66968b302692e8ccf040e6f180620ac5c19
- Size
  
  1.2MB
- MD5
  
  22fde0753062a2e7921d59fe64d6f7cc
- SHA1
  
  c6f1d83d64cfa541ea907d527bc79c698d337643
- SHA256
  
  cd8fdc43e7b00d9bd34d4f6fb477e66968b302692e8ccf040e6f180620ac5c19
- SHA512
  
  a1e024571711dab2ca9eb33f9b8371eb277cd1b708668c6b7c87ed41beec640151f2b1f775b640ec8139b598c4b298fe5bae2d2b4253142fe7fdec3f2e2aaf04
- SSDEEP
  
  24576:LDFq/8wVCMozowl4as1Y+zijEJq95/T+f8hDZ9VMMwsR+jlL79VJoLwl/Q:LDFq/8KC1TUY+ziwq9ty0hDHVqJjB9Q/
Score

8^/10

bootkit evasion persistence trojan upx
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitevasionpersistencetrojanupx

behavioral2

© 2018-2024

Terms | Privacy