a3455cf8e2ce4c933567360b795ea137a1d83f7c63568ecfb0f2ec440f96ffaa | Triage

Submit
Reports

Overview

overview

8

Static

static

1

a3455cf8e2...aa.exe

windows7-x64

8

a3455cf8e2...aa.exe

windows10-2004-x64

8

Sharing

General

Target

a3455cf8e2ce4c933567360b795ea137a1d83f7c63568ecfb0f2ec440f96ffaa
Size

4.1MB
Sample

230401-1lg3dach75
MD5

431898fc759567adcec70f869d138b1f
SHA1

e83641da7ceb94e963cacd329762958d3480b949
SHA256

a3455cf8e2ce4c933567360b795ea137a1d83f7c63568ecfb0f2ec440f96ffaa
SHA512

09120d3079bfaad0dcb902872068916c3c202f541eab9c506e2df7b3ce58b5a59e868e9ec995560a25246a8e3d0154a58be5cd317af13eede4124a9020ba07f1
SSDEEP

98304:8wr/2SwTGO2/ixrmfSFUXZFsMTbTwha7G4/pGH:DiSwaixrqSuXIMT/4j4RGH

Score

8^/10

bootkit discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

a3455cf8e2ce4c933567360b795ea137a1d83f7c63568ecfb0f2ec440f96ffaa.exe

Resource

win7-20230220-en

bootkit persistence

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

a3455cf8e2ce4c933567360b795ea137a1d83f7c63568ecfb0f2ec440f96ffaa.exe

Resource

win10v2004-20230220-en

bootkit discovery persistence

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  a3455cf8e2ce4c933567360b795ea137a1d83f7c63568ecfb0f2ec440f96ffaa
- Size
  
  4.1MB
- MD5
  
  431898fc759567adcec70f869d138b1f
- SHA1
  
  e83641da7ceb94e963cacd329762958d3480b949
- SHA256
  
  a3455cf8e2ce4c933567360b795ea137a1d83f7c63568ecfb0f2ec440f96ffaa
- SHA512
  
  09120d3079bfaad0dcb902872068916c3c202f541eab9c506e2df7b3ce58b5a59e868e9ec995560a25246a8e3d0154a58be5cd317af13eede4124a9020ba07f1
- SSDEEP
  
  98304:8wr/2SwTGO2/ixrmfSFUXZFsMTbTwha7G4/pGH:DiSwaixrqSuXIMT/4j4RGH
Score

8^/10

bootkit persistence discovery
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitdiscoverypersistence

© 2018-2024

Terms | Privacy