Overview

overview

8

Static

static

Unlocker Setup v1.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Unlocker Setup v1.exe

  • Size

    2.3MB

  • Sample

    221205-fkdy4scd71

  • MD5

    8434d94b119c2f67c204e70b96616547

  • SHA1

    835346733f82025e000adad7e600a0c5fe803f58

  • SHA256

    0b79a057c63ae780bf99e7bf4b165c8fe2edf1e7aa0d6bb4d6c2646cbd598bbb

  • SHA512

    a8b7e854c56f023b9cd9add640e58e8f2108d59d0a3da8ada16596f69a9e0d928037e8ad96a90b233d9fee2c1703276cc17995160fda708ac738bd1174396768

  • SSDEEP

    49152:NnedYpANz/Jnxmh1E4gzw/sj9KiRaYHEdqkIU5x8ZL9oH4K8Ao5q7:MdYWNlxOu4gc/2QKa6aDIpZLdK8bW

Score
8/10
bootkitpersistence

Malware Config

Targets

    • Target

      Unlocker Setup v1.exe

    • Size

      2.3MB

    • MD5

      8434d94b119c2f67c204e70b96616547

    • SHA1

      835346733f82025e000adad7e600a0c5fe803f58

    • SHA256

      0b79a057c63ae780bf99e7bf4b165c8fe2edf1e7aa0d6bb4d6c2646cbd598bbb

    • SHA512

      a8b7e854c56f023b9cd9add640e58e8f2108d59d0a3da8ada16596f69a9e0d928037e8ad96a90b233d9fee2c1703276cc17995160fda708ac738bd1174396768

    • SSDEEP

      49152:NnedYpANz/Jnxmh1E4gzw/sj9KiRaYHEdqkIU5x8ZL9oH4K8Ao5q7:MdYWNlxOu4gc/2QKa6aDIpZLdK8bW

    Score
    8/10
    bootkitpersistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks