Overview

overview

7

Static

static

1

recoveryto...ll.exe

windows7-x64

7

recoveryto...ll.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    recoverytoolboxforoutlookpasswordinstall.exe

  • Size

    839KB

  • Sample

    230401-jaw9gsgf84

  • MD5

    bcd11ebbaa06f6f3df4f84959f5b835d

  • SHA1

    17bf8a8f06bc5edc9b76cfa38011baee0d413c80

  • SHA256

    984d81d0eec2086985364a9f190a5a575e31740b171fb136e2e75a17c2ffde86

  • SHA512

    4680186092ebe9b6a71e46a57c8382e5c83c7effad73b83887d1aebd4090e394dea748cc1fb9ea8a94ffaf1a3bc79c25f2e9aaa0ec9072c24f4fb038f7897a34

  • SSDEEP

    24576:22UxSjabHuEXe4Sm3laMMuV4/V+8YaXav:22ou/ilD62aS

Score
7/10
bootkitdiscoverypersistence

Malware Config

Targets

    • Target

      recoverytoolboxforoutlookpasswordinstall.exe

    • Size

      839KB

    • MD5

      bcd11ebbaa06f6f3df4f84959f5b835d

    • SHA1

      17bf8a8f06bc5edc9b76cfa38011baee0d413c80

    • SHA256

      984d81d0eec2086985364a9f190a5a575e31740b171fb136e2e75a17c2ffde86

    • SHA512

      4680186092ebe9b6a71e46a57c8382e5c83c7effad73b83887d1aebd4090e394dea748cc1fb9ea8a94ffaf1a3bc79c25f2e9aaa0ec9072c24f4fb038f7897a34

    • SSDEEP

      24576:22UxSjabHuEXe4Sm3laMMuV4/V+8YaXav:22ou/ilD62aS

    Score
    7/10
    bootkitdiscoverypersistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks