General

  • Target

    ecfad45377e38170d98bad0be9ff66c0fb8a13a234dced2232eeaad7c605b540

  • Size

    959KB

  • Sample

    221204-plyjksda41

  • MD5

    98343a039500a0d00800e290a9a42b8c

  • SHA1

    1853de66d372a97d6cf65515a5c0bfa78c965050

  • SHA256

    ecfad45377e38170d98bad0be9ff66c0fb8a13a234dced2232eeaad7c605b540

  • SHA512

    1198b41b8d5d9b7e80a3a48f48f659356ad0fb5b490fff10cc34fb692dc42cfd644ec3feeee564cce4bb32e1a002e91c687d7bd3fce8bad36e5eb64eeddec1b8

  • SSDEEP

    24576:KzKXpMJj7owjD49Nkb+R0WLnAI/jLQjMhK6h3xU4+Gud0z:P+JfoE4DTLnAI7L3hK6h3+BGudI

Malware Config

Targets

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks