Overview

overview

7

Static

static

7

_GetClientID.exe

windows7-x64

7

_GetClientID.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    _GetClientID.exe.zip

  • Size

    3.3MB

  • Sample

    230403-nlw53sfh3w

  • MD5

    09b13a73e0492283cbc406c0fdab644a

  • SHA1

    bbde804405f1e5f3768aba258aeed2602fcb792c

  • SHA256

    a9d7fa819408a2d14563c3b7d2a7c7219129d8ba0352d79e3874433158550c39

  • SHA512

    ba6b7f506a71a46b5fb4a2a3d53179461620280b0fe0bd77624fa0be5e7b7658075e0e51a698459fd1b995e479217b0961fb8d3bcdaaa233c5575643ccca7e11

  • SSDEEP

    98304:2KwD7LOISyCv7iDD9H3zF/Cttz1IQaBDS0ueR2bAG:2Kk7LOU++n9DF/Cfalpuugr

Score
7/10
bootkitpersistencevmprotect

Malware Config

Targets

    • Target

      _GetClientID.exe

    • Size

      3.5MB

    • MD5

      080c2c3d5cc7ab1029f12d08b403cc50

    • SHA1

      6f0dd3f538a654950c8dfdf9e2a0b0b784a999f0

    • SHA256

      84ff9bc30a5062515928c38b3bee7b0b3976c3089e25e3784bd4e78256f36cf1

    • SHA512

      ef08eba8ee065777cc77a9191ee0658e015cecceb0fa7fe26555fa600660d9c0e4a7af746ad870faccc6953cfc39f2af713ddc9a5e102e2fb66669bc3cf0602e

    • SSDEEP

      98304:ZUSkVbU8a86PGZ/ITGVKdigkgxFquID206I3zv4IF5:OSwa86OVIT2qirg0J3zwg

    Score
    7/10
    bootkitpersistencevmprotect

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks