Overview

overview

8

Static

static

1

kaspersky4...46.exe

windows7-x64

8

kaspersky4...46.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    kaspersky4win202121.9.6.465es_37946.exe

  • Size

    3MB

  • Sample

    230324-26kvfahh88

  • MD5

    6f3653a401e3dfd802d9c69f20c9a8ac

  • SHA1

    db0937b5b5adfc72cb5291f28f08cb234da9d740

  • SHA256

    857db21d0ca383968700b5397ded7bc1b336209e4464c46e479668f08e067495

  • SHA512

    8e5b1fafaf331e3d8bd2ded041a2f9fe5d6542d8be63bb823e05631cd5ebe89d85de1685c11431d01c010c866061b58d7d587cfa28edaf9c83f71091160c0d81

  • SSDEEP

    98304:gQFKOoWJ9QennbKgb/LcPOc/KmCPOHxFvSeVEQaJU7pByrcGw:ToWfQenzbDcGc2mfJtm

Score
8/10
bootkitevasionpersistencetrojan

Malware Config

Targets

    • Target

      kaspersky4win202121.9.6.465es_37946.exe

    • Size

      3MB

    • MD5

      6f3653a401e3dfd802d9c69f20c9a8ac

    • SHA1

      db0937b5b5adfc72cb5291f28f08cb234da9d740

    • SHA256

      857db21d0ca383968700b5397ded7bc1b336209e4464c46e479668f08e067495

    • SHA512

      8e5b1fafaf331e3d8bd2ded041a2f9fe5d6542d8be63bb823e05631cd5ebe89d85de1685c11431d01c010c866061b58d7d587cfa28edaf9c83f71091160c0d81

    • SSDEEP

      98304:gQFKOoWJ9QennbKgb/LcPOc/KmCPOHxFvSeVEQaJU7pByrcGw:ToWfQenzbDcGc2mfJtm

    Score
    8/10
    bootkitevasionpersistencetrojan

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

1
T1112

Install Root Certificate

1
T1130

Discovery

System Information Discovery

3
T1082

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Bootkit

1
T1067

Privilege Escalation

Tasks