aab3477d4c76ae28869ebf49da7f0d45a6101b2e4b56d75a3dbdaa242abf888b | Triage

Submit
Reports

Overview

overview

8

Static

static

1

aab3477d4c...8b.exe

windows7-x64

8

aab3477d4c...8b.exe

windows10-2004-x64

8

Sharing

General

Target

aab3477d4c76ae28869ebf49da7f0d45a6101b2e4b56d75a3dbdaa242abf888b
Size

1.1MB
Sample

221205-l5c57she68
MD5

effbea685e7b77b9fa92604418c4f8f4
SHA1

27059309b55f180b4135ace1016b4f407f26be70
SHA256

aab3477d4c76ae28869ebf49da7f0d45a6101b2e4b56d75a3dbdaa242abf888b
SHA512

7b0e9d7c21d1960ff76df9f8f333014793e694b85bea3eccf3db6963d496a881efd782d7ec102b4b69a8efd29929a00a070d035f914c431f97b73121076b5da1
SSDEEP

24576:2NGQvfd4wzQP6ASSvTd7z/fl3F6e8P25XZkKcs9hzTQVF4CFU:UGQHuaQiWvZ7ThW2tZZcs99Q0

Score

8^/10

bootkit discovery persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

aab3477d4c76ae28869ebf49da7f0d45a6101b2e4b56d75a3dbdaa242abf888b.exe

Resource

win7-20221111-en

bootkit discovery persistence

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

aab3477d4c76ae28869ebf49da7f0d45a6101b2e4b56d75a3dbdaa242abf888b.exe

Resource

win10v2004-20220812-en

bootkit discovery persistence

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  aab3477d4c76ae28869ebf49da7f0d45a6101b2e4b56d75a3dbdaa242abf888b
- Size
  
  1.1MB
- MD5
  
  effbea685e7b77b9fa92604418c4f8f4
- SHA1
  
  27059309b55f180b4135ace1016b4f407f26be70
- SHA256
  
  aab3477d4c76ae28869ebf49da7f0d45a6101b2e4b56d75a3dbdaa242abf888b
- SHA512
  
  7b0e9d7c21d1960ff76df9f8f333014793e694b85bea3eccf3db6963d496a881efd782d7ec102b4b69a8efd29929a00a070d035f914c431f97b73121076b5da1
- SSDEEP
  
  24576:2NGQvfd4wzQP6ASSvTd7z/fl3F6e8P25XZkKcs9hzTQVF4CFU:UGQHuaQiWvZ7ThW2tZZcs99Q0
Score

8^/10

bootkit discovery persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence

© 2018-2024

Terms | Privacy