Resubmissions

04-05-2023 16:42  230504-t741psff5y  8
04-05-2023 16:34  230504-t244hsdg58  8
04-05-2023 16:18  230504-try5hsfe31  8
04-05-2023 16:11  230504-tnamrafd9y  6
04-05-2023 16:08  230504-tlmjjafd9t  8
04-05-2023 16:00  230504-tfl1tafd6y  8
04-05-2023 15:57  230504-tdw31afd5w  8
04-05-2023 15:52  230504-ta8bvsde52  8
04-05-2023 15:49  230504-s9jl4sfd2x  8

General

  • Target: Screenshot 2023-05-04 8.24.42 AM.png
  • Size: 27KB
  • Sample: 230504-try5hsfe31
  • MD5: 00f570c756caab8c20ecabdc996c69d3
  • SHA1: 88d2f10c67a4566478e9b2ceddd52cac9b5fdb3b
  • SHA256: ffcd284dd3f33ba4861dab647aaab24b929fc582df1759e711fcb1695960a0d4
  • SHA512: f5013ce3427447a2107a205a4f8c85b764e5dfe9543381881aa4ea6afaf8967c7ed813ebc5de06f602940b054f2edbe6d11858b8858c25d6dab921232ae3f49d
  • SSDEEP: 768:gAAAAdwBgjVNFfZhHhzG+sXrwTOw9KxLgzZV4Kqc9Eu:gAAAAdwB4nFfZhBO7XbeZ6KquEu

Targets

    • Disables Task Manager via registry modification

    • Possible privilege escalation attempt

    • Executes dropped EXE

    • Modifies file permissions

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Modifies boot configuration data using bcdedit

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.