f63c549707775b9add6dc22526df887ea868f789c81824416db2bce6af8a50a4 | Triage

Submit
Reports

Overview

overview

7

Static

static

7

f63c549707...a4.exe

windows7-x64

7

f63c549707...a4.exe

windows10-2004-x64

7

Sharing

General

Target

f63c549707775b9add6dc22526df887ea868f789c81824416db2bce6af8a50a4
Size

4.1MB
Sample

230326-cn1qhafc26
MD5

cd4839fbc22c6fccab4c3170c845bfdb
SHA1

2f0edc79f6248f17c61e86d02be38c6d6b11b75b
SHA256

f63c549707775b9add6dc22526df887ea868f789c81824416db2bce6af8a50a4
SHA512

2e8a55d8ad8916a9772e73956244d1ec68c35963395fd7d71fd9ae881ab72bb30d04aa39427420fc44460e2a03a39ddc9937b69bebb6ca74835573350b605524
SSDEEP

98304:9/4JXInxCzh+jyHbhGYndKYJ/mtnZCYiZ6c+RCHuY:9/4JX0xa+jy5np8nAZ6aHu

Score

7^/10

bootkit persistence vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f63c549707775b9add6dc22526df887ea868f789c81824416db2bce6af8a50a4.exe

Resource

win7-20230220-en

bootkit persistence vmprotect

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

f63c549707775b9add6dc22526df887ea868f789c81824416db2bce6af8a50a4.exe

Resource

win10v2004-20230220-en

bootkit persistence vmprotect

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  f63c549707775b9add6dc22526df887ea868f789c81824416db2bce6af8a50a4
- Size
  
  4.1MB
- MD5
  
  cd4839fbc22c6fccab4c3170c845bfdb
- SHA1
  
  2f0edc79f6248f17c61e86d02be38c6d6b11b75b
- SHA256
  
  f63c549707775b9add6dc22526df887ea868f789c81824416db2bce6af8a50a4
- SHA512
  
  2e8a55d8ad8916a9772e73956244d1ec68c35963395fd7d71fd9ae881ab72bb30d04aa39427420fc44460e2a03a39ddc9937b69bebb6ca74835573350b605524
- SSDEEP
  
  98304:9/4JXInxCzh+jyHbhGYndKYJ/mtnZCYiZ6c+RCHuY:9/4JX0xa+jy5np8nAZ6aHu
Score

7^/10

bootkit persistence vmprotect
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistencevmprotect

behavioral2

bootkitpersistencevmprotect

© 2018-2024

Terms | Privacy