254a0dce7cfe5fb0d58821c965fa7e9a9ef9df0c4339a5d3689793c7343b4936 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

~.exe

windows7-x64

8

~.exe

windows10-2004-x64

8

Sharing

General

Target

OWEEWGOEW.zip
Size

235KB
Sample

230324-27xkmaca91
MD5

986a4e73c25dbcd8fdb6ab3a0eabcc69
SHA1

29e0325860532734ce9bf210636f42b1aedce10a
SHA256

254a0dce7cfe5fb0d58821c965fa7e9a9ef9df0c4339a5d3689793c7343b4936
SHA512

a2e3d952dfe5e9d70ec8fba2133b45823ec0e470fe36915fd129d0f6e7f633aed90a4630aa43d5863d50a8667b16dc65083c834bb88304874677fa7fc8c39f28
SSDEEP

6144:kk7jmfnAvMwVea9EMxfXzflE9Z121GntHRFFcMfYAxCkufpfi:kk7en8MSEuJm1jl/FcMgMCJg

Score

8^/10

bootkit persistence

Static task

static1

Behavioral task

behavioral1

Sample

~.exe

Resource

win7-20230220-en

bootkit persistence

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

~.exe

Resource

win10v2004-20230221-en

bootkit persistence

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  ~
- Size
  
  256KB
- MD5
  
  56354f6191810e362bf2ae7b3f6e82b4
- SHA1
  
  98260eb9dbec4ef777939937b4ca797ac336e3ff
- SHA256
  
  95c16c2f74bfe9878117d341d4b259c5327f87fc10e8407b27e9a905aff0ac11
- SHA512
  
  fb40abe4838e4026a4b1c826566454ff181e68bf7f7929777f2ea63e55a8242c65f12dffb274e8c46f5f1bcb7f42661c41e7b2a62ed39050814a45de54ab8b30
- SSDEEP
  
  6144:bCfHrZae3GFqRQcMeh4WpywpjchNCPnAeb:bCfLZadcM24fRNXe
Score

8^/10

bootkit persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Security Software Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence

© 2018-2024

Terms | Privacy