Overview

overview

8

Static

static

1

nnfsske344...17.exe

windows7-x64

3

nnfsske344...17.exe

windows10-2004-x64

3

~~~~~~~~~~...33.exe

windows7-x64

8

~~~~~~~~~~...33.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ntaserv9234 g34oziy3j 5z30t5j7ze .zip

  • Size

    1.3MB

  • Sample

    230403-ydm8baae8v

  • MD5

    a760d3ecf8e8bea8eb5668c350bded21

  • SHA1

    24df59adb4a7bf15fff2d8126f316bc2f2d7d1c3

  • SHA256

    18e0d6153f0439474da64ce52edc354a9c5054cd7859652e9422e3e1c2f93ac6

  • SHA512

    38337c6293f94b655c7455f8aafbfb45031513fc3a14cb7f42361ba44e8f3a941ca168e5f6c51af14931ff7003d271546b97ca8cb9fa345f91ce5e343510d93e

  • SSDEEP

    24576:OrvfTXtiqtu71r5DXvq/gXuuDwuyhrjnTg3fQHdzfYbCd9nfsz1VL8X07G:UtSNA/gXbDjwTgPkfY2Dne15807G

Score
8/10
bootkitpersistence

Malware Config

Targets

    • Target

      nnfsske3444e zgaddh0n 87gz17.exe

    • Size

      3.0MB

    • MD5

      89784e5c4913328c3710f07f85f37c68

    • SHA1

      c6d91d14e828713c0ae0e86dfe500e0d0b8cd7ad

    • SHA256

      067a1685ad9ece5f23192c8049c481e45b521d7144487f3fa297f6c06afe59a5

    • SHA512

      9b3855391dc37d6becdc097a220b076014de479635548452816a55d7ec314e3954c015462bc421280482914f523172e960017746efe4b58b924009650fc3b23b

    • SSDEEP

      49152:vjb4KhpEKoulsx+SZonEKndC6mTXsPVPml:vjbbXoulFddC6FPVPk

    Score
    3/10
    behavioral1behavioral2

    • Target

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~8529133

    • Size

      262KB

    • MD5

      af9d145415e87c34bacc66428da5a096

    • SHA1

      b1b5bfd6640e1b8360407a02aa1f3a949c20a8d3

    • SHA256

      5a5c8299c0369b081406203dcff228e918db19d4a44f9e833e7d6ddb97ecb9d2

    • SHA512

      d8ba07b9aa9e667edc8fb790af4053967b72fef52b47cbc2333d6fccaf410b145aa0d6e7b5ff4381bdfe1d8aa7027037f955e49d8d8e078c0022184827bd2811

    • SSDEEP

      3072:S3FKK+qOLpWZOpHwOnxjhI1a29nMGkvmUCDzTObdPnF5od1Jc+mTSC/REMz5hMP7:S9+qOLoaXjhenMGmmUEebVF+uoU7y6tq

    Score
    8/10
    bootkitpersistence

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks for any installed AV software in registry

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Install Root Certificate

2
T1130

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Security Software Discovery

1
T1063

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks