bd3cf8dbf50c46c72d1b512d9a0185d8127e0e3a8735d93bf87fdf0a5843c7c9 | Triage

Submit
Reports

Overview

overview

8

Static

static

8

bd3cf8dbf5...c9.exe

windows7-x64

bd3cf8dbf5...c9.exe

windows10-2004-x64

Sharing

General

Target

bd3cf8dbf50c46c72d1b512d9a0185d8127e0e3a8735d93bf87fdf0a5843c7c9
Size

17KB
Sample

221201-w798tsca31
MD5

1f54db8e2133f535609b3eda1db7d869
SHA1

32a038fd9fc7acca9886e54c860949d0b3a93599
SHA256

bd3cf8dbf50c46c72d1b512d9a0185d8127e0e3a8735d93bf87fdf0a5843c7c9
SHA512

df62fe3f0c5178dc69b1db65c2ae8a5f062f5443e4cc2a26735a38d0ee38c38483add46ae2627d23d8a28b4fdabbbea792d6a1f785c949326e292f75db079d4b
SSDEEP

384:/AhgmZnWs/FBSPGvBm/Qbw7gZTErM/JtnObH0/RtDlFjBsEu:/2gB7GpmaH/JQL0/rC

Score

8^/10

bootkit persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bd3cf8dbf50c46c72d1b512d9a0185d8127e0e3a8735d93bf87fdf0a5843c7c9.exe

Resource

win7-20220812-en

bootkit persistence upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

bd3cf8dbf50c46c72d1b512d9a0185d8127e0e3a8735d93bf87fdf0a5843c7c9.exe

Resource

win10v2004-20220901-en

bootkit persistence upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  bd3cf8dbf50c46c72d1b512d9a0185d8127e0e3a8735d93bf87fdf0a5843c7c9
- Size
  
  17KB
- MD5
  
  1f54db8e2133f535609b3eda1db7d869
- SHA1
  
  32a038fd9fc7acca9886e54c860949d0b3a93599
- SHA256
  
  bd3cf8dbf50c46c72d1b512d9a0185d8127e0e3a8735d93bf87fdf0a5843c7c9
- SHA512
  
  df62fe3f0c5178dc69b1db65c2ae8a5f062f5443e4cc2a26735a38d0ee38c38483add46ae2627d23d8a28b4fdabbbea792d6a1f785c949326e292f75db079d4b
- SSDEEP
  
  384:/AhgmZnWs/FBSPGvBm/Qbw7gZTErM/JtnObH0/RtDlFjBsEu:/2gB7GpmaH/JQL0/rC
Score

8^/10

bootkit persistence upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistenceupx

behavioral2

bootkitpersistenceupx

© 2018-2024

Terms | Privacy