Overview

overview

8

Static

static

1

e1b75ed8f7...3e.exe

windows7-x64

8

e1b75ed8f7...3e.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e1b75ed8f7a7ea7b6516014a823947fae337c902e9913f96ab849d79b994583e

  • Size

    5.2MB

  • Sample

    230318-mj1vtaea5x

  • MD5

    4895fcba3d5327ef60c74358aa8f8ee2

  • SHA1

    18d4981345c20487e9d7187b096f054e2e115c59

  • SHA256

    e1b75ed8f7a7ea7b6516014a823947fae337c902e9913f96ab849d79b994583e

  • SHA512

    d1996dbbbc842adfed4d346d18f5e06a24cc1ce3bbfffce311438d55afa1865ffed67fab685e7cfb8d8abfd55b7d76aec031f1a11456a42258d0530fafbf92e0

  • SSDEEP

    98304:8XWL95fDN2hWVYc0wR5rhRNb0cE+SA8tNmef9ycNBg8RCkR5:8XWLNuWac0sHRWcfbQAIxf9IK

Score
8/10
bootkitevasionpersistence

Malware Config

Targets

    • Target

      e1b75ed8f7a7ea7b6516014a823947fae337c902e9913f96ab849d79b994583e

    • Size

      5.2MB

    • MD5

      4895fcba3d5327ef60c74358aa8f8ee2

    • SHA1

      18d4981345c20487e9d7187b096f054e2e115c59

    • SHA256

      e1b75ed8f7a7ea7b6516014a823947fae337c902e9913f96ab849d79b994583e

    • SHA512

      d1996dbbbc842adfed4d346d18f5e06a24cc1ce3bbfffce311438d55afa1865ffed67fab685e7cfb8d8abfd55b7d76aec031f1a11456a42258d0530fafbf92e0

    • SSDEEP

      98304:8XWL95fDN2hWVYc0wR5rhRNb0cE+SA8tNmef9ycNBg8RCkR5:8XWLNuWac0sHRWcfbQAIxf9IK

    Score
    8/10
    bootkitevasionpersistence

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks