Overview

overview

7

Static

static

1

ziprar.7z

windows7-x64

7

ziprar.7z

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ziprar.7z

  • Size

    3.9MB

  • Sample

    230329-m1ec5she7w

  • MD5

    ada85b435f9dcedf0b61baae04c02b1e

  • SHA1

    a93f773bcdb051bd13102bb729e9301bd18ab565

  • SHA256

    9cf8aa32ba85ad5f7efd72d512dd06e39efd60be82e75c611a99a5bd9fc057c0

  • SHA512

    4e0e5361185977e38cfb4c24b7f96a1310113cadcdbdfbc07bc210d7dc0a4477bf5f7f51f926110fc03bb6b2991e45507d19b644067413b1091cc711a53195ba

  • SSDEEP

    98304:4ilYM0FdtH44/peCy88vfqGKISARU9WwFud9zNcx+7t:4zFdtH4DvT4QkulaUt

Score
7/10
bootkitdiscoverypersistence

Malware Config

Targets

    • Target

      ziprar.7z

    • Size

      3.9MB

    • MD5

      ada85b435f9dcedf0b61baae04c02b1e

    • SHA1

      a93f773bcdb051bd13102bb729e9301bd18ab565

    • SHA256

      9cf8aa32ba85ad5f7efd72d512dd06e39efd60be82e75c611a99a5bd9fc057c0

    • SHA512

      4e0e5361185977e38cfb4c24b7f96a1310113cadcdbdfbc07bc210d7dc0a4477bf5f7f51f926110fc03bb6b2991e45507d19b644067413b1091cc711a53195ba

    • SSDEEP

      98304:4ilYM0FdtH44/peCy88vfqGKISARU9WwFud9zNcx+7t:4zFdtH4DvT4QkulaUt

    Score
    7/10
    bootkitdiscoverypersistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks