0921eabc66a4d48e29977c5ff24af134c32902ef1261edf7c72997f69fe368e9 | Triage

Submit
Reports

Overview

overview

6

Static

static

1

wps_office_inst.exe

windows10-1703-x64

6

Resubmissions

24-05-2023 02:38

230524-c4r4asad53 6

Sharing

General

Target

wps_office_inst.exe
Size

5.2MB
Sample

230524-c4r4asad53
MD5

7378ff57810991a9ad40afd43f990e82
SHA1

0aa6ccab2821f5b04cfee34e593d5d77780a2a26
SHA256

0921eabc66a4d48e29977c5ff24af134c32902ef1261edf7c72997f69fe368e9
SHA512

30168609800005f3341cbefdf8a159fe2ab1f8e086c0c4232276fb12c2ab973a96844894d3212e7e62f8a22cab2745658c2d3a0222e335169162e1d520495553
SSDEEP

98304:X4C9MhD0WgRTGcrafnOSqJcA2r9Guklwty0I1BYFo/xjLC:XaD0WgBfrayU9DFt7ITxC

Score

6^/10

bootkit discovery evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

wps_office_inst.exe

Resource

win10-20230220-es

bootkit discovery evasion persistence trojan

windows10-1703-x64

20 signatures

300 seconds

Malware Config

Targets

- Target
  
  wps_office_inst.exe
- Size
  
  5.2MB
- MD5
  
  7378ff57810991a9ad40afd43f990e82
- SHA1
  
  0aa6ccab2821f5b04cfee34e593d5d77780a2a26
- SHA256
  
  0921eabc66a4d48e29977c5ff24af134c32902ef1261edf7c72997f69fe368e9
- SHA512
  
  30168609800005f3341cbefdf8a159fe2ab1f8e086c0c4232276fb12c2ab973a96844894d3212e7e62f8a22cab2745658c2d3a0222e335169162e1d520495553
- SSDEEP
  
  98304:X4C9MhD0WgRTGcrafnOSqJcA2r9Guklwty0I1BYFo/xjLC:XaD0WgBfrayU9DFt7ITxC
Score

6^/10

bootkit discovery evasion persistence trojan
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Change Default File Association

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistencetrojan

© 2018-2024

Terms | Privacy