Overview

overview

8

Static

static

1

~.exe

windows7-x64

8

~.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    OWEEWGOEW.zip

  • Size

    235KB

  • Sample

    230324-27xkmaca91

  • MD5

    986a4e73c25dbcd8fdb6ab3a0eabcc69

  • SHA1

    29e0325860532734ce9bf210636f42b1aedce10a

  • SHA256

    254a0dce7cfe5fb0d58821c965fa7e9a9ef9df0c4339a5d3689793c7343b4936

  • SHA512

    a2e3d952dfe5e9d70ec8fba2133b45823ec0e470fe36915fd129d0f6e7f633aed90a4630aa43d5863d50a8667b16dc65083c834bb88304874677fa7fc8c39f28

  • SSDEEP

    6144:kk7jmfnAvMwVea9EMxfXzflE9Z121GntHRFFcMfYAxCkufpfi:kk7en8MSEuJm1jl/FcMgMCJg

Score
8/10
bootkitpersistence

Malware Config

Targets

    • Target

      ~

    • Size

      256KB

    • MD5

      56354f6191810e362bf2ae7b3f6e82b4

    • SHA1

      98260eb9dbec4ef777939937b4ca797ac336e3ff

    • SHA256

      95c16c2f74bfe9878117d341d4b259c5327f87fc10e8407b27e9a905aff0ac11

    • SHA512

      fb40abe4838e4026a4b1c826566454ff181e68bf7f7929777f2ea63e55a8242c65f12dffb274e8c46f5f1bcb7f42661c41e7b2a62ed39050814a45de54ab8b30

    • SSDEEP

      6144:bCfHrZae3GFqRQcMeh4WpywpjchNCPnAeb:bCfLZadcM24fRNXe

    Score
    8/10
    bootkitpersistence

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks for any installed AV software in registry

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Discovery

Query Registry

1
T1012

Security Software Discovery

1
T1063

System Information Discovery

1
T1082

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

1
T1060

Bootkit

1
T1067

Privilege Escalation

Tasks