General

  • Target

    fada96dc990419b8fec6323816b3c6eed3b8b7b67d263f86d3b9c7119dc8f358

  • Size

    352KB

  • Sample

    221206-sdhd6sgh26

  • MD5

    70a3a9c42c1973350deb130a53231367

  • SHA1

    5b41fdd16b97f287515aeb5f16578a5d963acc49

  • SHA256

    fada96dc990419b8fec6323816b3c6eed3b8b7b67d263f86d3b9c7119dc8f358

  • SHA512

    0469f6d3f1112b3a6f7a6d109f52bcd0a8b38aad7f8390ffc82ebfe7fab238eee3b44586605276068c71714628bf63f63e5e1aec637b47ceab0d67a25cc1eea1

  • SSDEEP

    3072:8z/92a98YQ19SexsTczlwGcaebeYYQ19qROLz/9KwCZ63+kFVaiJ38yrjw:8L9IR396cJYRXL9YE3BauVU

Targets

    • Target

      fada96dc990419b8fec6323816b3c6eed3b8b7b67d263f86d3b9c7119dc8f358

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
