2730f3fde032339327806f31b491fb4254718f4ce607d6d18f17f14259b107df | Triage

Submit
Reports

Overview

overview

7

Static

static

1

2730f3fde0...df.exe

windows7-x64

7

2730f3fde0...df.exe

windows10-2004-x64

7

Sharing

General

Target

2730f3fde032339327806f31b491fb4254718f4ce607d6d18f17f14259b107df
Size

539KB
Sample

230406-126exahc5z
MD5

b6a7b3fc99d71c87afc3856856cb4602
SHA1

997c27f1efa078dcd3c7c17424979ac8607d38c1
SHA256

2730f3fde032339327806f31b491fb4254718f4ce607d6d18f17f14259b107df
SHA512

310465f12490ca1a91dd93d3a77bc68654ad33bdd168a9cc5e73e7f2cbcaac3778e40557d621b07d997bd40332359ea29aa012009d245053651f32244e3e060a
SSDEEP

12288:qSBNOlXxDWKz7K8mNuwBwDhwd261vF14YrcbEnq5JujEC+aW9L:zY01ObwS0jEC+aW9L

Score

7^/10

bootkit discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

2730f3fde032339327806f31b491fb4254718f4ce607d6d18f17f14259b107df.exe

Resource

win7-20230220-en

bootkit discovery persistence

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2730f3fde032339327806f31b491fb4254718f4ce607d6d18f17f14259b107df.exe

Resource

win10v2004-20230220-en

bootkit discovery persistence

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  2730f3fde032339327806f31b491fb4254718f4ce607d6d18f17f14259b107df
- Size
  
  539KB
- MD5
  
  b6a7b3fc99d71c87afc3856856cb4602
- SHA1
  
  997c27f1efa078dcd3c7c17424979ac8607d38c1
- SHA256
  
  2730f3fde032339327806f31b491fb4254718f4ce607d6d18f17f14259b107df
- SHA512
  
  310465f12490ca1a91dd93d3a77bc68654ad33bdd168a9cc5e73e7f2cbcaac3778e40557d621b07d997bd40332359ea29aa012009d245053651f32244e3e060a
- SSDEEP
  
  12288:qSBNOlXxDWKz7K8mNuwBwDhwd261vF14YrcbEnq5JujEC+aW9L:zY01ObwS0jEC+aW9L
Score

7^/10

bootkit discovery persistence
- Loads dropped DLL
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence

© 2018-2024

Terms | Privacy