c41067c647d5685aa0116554f0e1eb95a4a114af7046daa1ccc4561edc36483e | Triage

Submit
Reports

Overview

overview

8

Static

static

1

DriverEasy_Setup.exe

windows7-x64

7

DriverEasy_Setup.exe

windows10-2004-x64

8

Sharing

General

Target

DriverEasy_Setup.exe
Size

5.2MB
Sample

230407-knk9taae41
MD5

bfb4c3cfd7d868058b300ffec858e7a2
SHA1

08b38f2082aba63160cfe1e376cb216a14269943
SHA256

c41067c647d5685aa0116554f0e1eb95a4a114af7046daa1ccc4561edc36483e
SHA512

7e1dfed4cd3957b5e5e22562ee454c117d69ef48a73996f354a1c84aad68eeb5acd2c89d7d05d1c6238fbde956c4ca96b4e92ab0ee0c8a017ddc4e9d5e8f2232
SSDEEP

98304:TkLQhsosOuPdJ2gyJgGaMMygX9jhU6ZbqAZO5z8ziZHxC3IpdpyttB:YesoYdcgyJBa4gX9jhLtqAY8ZIdpyttB

Score

8^/10

bootkit discovery evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

DriverEasy_Setup.exe

Resource

win7-20230220-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

DriverEasy_Setup.exe

Resource

win10v2004-20230220-en

bootkit discovery evasion persistence

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  DriverEasy_Setup.exe
- Size
  
  5.2MB
- MD5
  
  bfb4c3cfd7d868058b300ffec858e7a2
- SHA1
  
  08b38f2082aba63160cfe1e376cb216a14269943
- SHA256
  
  c41067c647d5685aa0116554f0e1eb95a4a114af7046daa1ccc4561edc36483e
- SHA512
  
  7e1dfed4cd3957b5e5e22562ee454c117d69ef48a73996f354a1c84aad68eeb5acd2c89d7d05d1c6238fbde956c4ca96b4e92ab0ee0c8a017ddc4e9d5e8f2232
- SSDEEP
  
  98304:TkLQhsosOuPdJ2gyJgGaMMygX9jhU6ZbqAZO5z8ziZHxC3IpdpyttB:YesoYdcgyJBa4gX9jhLtqAY8ZIdpyttB
Score

8^/10

bootkit discovery evasion persistence
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Bootkit

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

bootkitdiscoveryevasionpersistence

© 2018-2024

Terms | Privacy