74ae420d08ac07c20d205b449896aee75926c45c6236608463710a5a01c1644f | Triage

Submit
Reports

Overview

overview

7

Static

static

1

startup.exe

windows7-x64

7

Resubmissions

03-04-2023 00:23

230403-apg9fadb5t 7

03-04-2023 00:17

230403-ak6fgabg65 7

Sharing

General

Target

startup.exe
Size

3.9MB
Sample

230403-apg9fadb5t
MD5

f9d653cfd59bf94924d5e5de664d9551
SHA1

e77cf1a565322a026802fb7333bca2714f42ee4d
SHA256

74ae420d08ac07c20d205b449896aee75926c45c6236608463710a5a01c1644f
SHA512

1ad65b059b2a6e5e6ce8601977472fd23e562956de0929302e2fc445417498b5cb9abb43fffd8ada52fbcc04c9b783bbd7fef09c939401e1b218914884b87ea4
SSDEEP

98304:2INSsMuJIh61BCmK8S9u5fOlvXXdRE4Y6dtKGqTe8ot:L1Q6nCmKp1XX3M63eyrt

Score

7^/10

bootkit evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

startup.exe

Resource

win7-20230220-en

bootkit evasion persistence trojan

windows7-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  startup.exe
- Size
  
  3.9MB
- MD5
  
  f9d653cfd59bf94924d5e5de664d9551
- SHA1
  
  e77cf1a565322a026802fb7333bca2714f42ee4d
- SHA256
  
  74ae420d08ac07c20d205b449896aee75926c45c6236608463710a5a01c1644f
- SHA512
  
  1ad65b059b2a6e5e6ce8601977472fd23e562956de0929302e2fc445417498b5cb9abb43fffd8ada52fbcc04c9b783bbd7fef09c939401e1b218914884b87ea4
- SSDEEP
  
  98304:2INSsMuJIh61BCmK8S9u5fOlvXXdRE4Y6dtKGqTe8ot:L1Q6nCmKp1XX3M63eyrt
Score

7^/10

bootkit evasion persistence trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitevasionpersistencetrojan

© 2018-2024

Terms | Privacy