aacf9aa69f796273438327be6d804d20837272b331eb3b7689b431148a07c88d | Triage

Submit
Reports

Overview

overview

9

Static

static

腾讯会�...��.exe

windows7-x64

9

腾讯会�...��.exe

windows10-2004-x64

9

Sharing

General

Target

腾讯会议软件.ex$
Size

2.0MB
Sample

221204-qy7tfsde56
MD5

5b9e8345fab7397985cd60729797abc6
SHA1

21d8e0efd71f4f00e8138360e56e72dbf533890a
SHA256

aacf9aa69f796273438327be6d804d20837272b331eb3b7689b431148a07c88d
SHA512

c505609e8de8c29f78490833f34a355d41eb3a6057919aa7f23ab9ae7ac83cef3b64f0116bba0ca145dbb17b1c2c3b18546d31af2397b82260f4cf708a709f75
SSDEEP

49152:R/BU6vSPotkoQsbJhPI2q056dN216k4xIURegVMw:R/BU6vSPotPQsbJhPI2qexFJEegVMw

Score

9^/10

bootkit evasion persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

腾讯会议软件.exe

Resource

win7-20220901-en

bootkit evasion persistence trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

腾讯会议软件.exe

Resource

win10v2004-20220812-en

bootkit evasion persistence trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  腾讯会议软件.ex$
- Size
  
  2.0MB
- MD5
  
  5b9e8345fab7397985cd60729797abc6
- SHA1
  
  21d8e0efd71f4f00e8138360e56e72dbf533890a
- SHA256
  
  aacf9aa69f796273438327be6d804d20837272b331eb3b7689b431148a07c88d
- SHA512
  
  c505609e8de8c29f78490833f34a355d41eb3a6057919aa7f23ab9ae7ac83cef3b64f0116bba0ca145dbb17b1c2c3b18546d31af2397b82260f4cf708a709f75
- SSDEEP
  
  49152:R/BU6vSPotkoQsbJhPI2q056dN216k4xIURegVMw:R/BU6vSPotPQsbJhPI2qexFJEegVMw
Score

9^/10

bootkit evasion persistence trojan upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitevasionpersistencetrojanupx

behavioral2

bootkitevasionpersistencetrojanupx

© 2018-2024

Terms | Privacy