Overview

overview

7

Static

static

95edcc6bf0...b0.exe

windows7-x64

7

95edcc6bf0...b0.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    95edcc6bf0ca4797dbcc379d88c0eb1ae636d1e0a86fc5a7c3575d8a42d7d9b0

  • Size

    1.7MB

  • Sample

    221203-vhjtxada7t

  • MD5

    987f243aa68ebd846ce2c6774af359f7

  • SHA1

    1a5edfdeb13c93ad9f390b7f67122c91ce1b9e8b

  • SHA256

    95edcc6bf0ca4797dbcc379d88c0eb1ae636d1e0a86fc5a7c3575d8a42d7d9b0

  • SHA512

    b39976367216b1bc1d440a59f9c37a7f77ed1999d8e9bd0456f397c4e69f88cf930f1a941f68cee87e18f1785d7133995acbae16fbfb1bba075500a88f65cfd6

  • SSDEEP

    49152:ORPUXyNF4yxrzSKon2fpMAkj+cUJyY92hB0eXBe4:ORPUeF7x/hjkj+JJVg0eA

Score
7/10
bootkitevasionpersistencetrojan

Malware Config

Targets

    • Target

      95edcc6bf0ca4797dbcc379d88c0eb1ae636d1e0a86fc5a7c3575d8a42d7d9b0

    • Size

      1.7MB

    • MD5

      987f243aa68ebd846ce2c6774af359f7

    • SHA1

      1a5edfdeb13c93ad9f390b7f67122c91ce1b9e8b

    • SHA256

      95edcc6bf0ca4797dbcc379d88c0eb1ae636d1e0a86fc5a7c3575d8a42d7d9b0

    • SHA512

      b39976367216b1bc1d440a59f9c37a7f77ed1999d8e9bd0456f397c4e69f88cf930f1a941f68cee87e18f1785d7133995acbae16fbfb1bba075500a88f65cfd6

    • SSDEEP

      49152:ORPUXyNF4yxrzSKon2fpMAkj+cUJyY92hB0eXBe4:ORPUeF7x/hjkj+JJVg0eA

    Score
    7/10
    bootkitevasionpersistencetrojan

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks