General

  • Target

    ntokrnl.exe

  • Size

    7.8MB

  • Sample

    230702-xgdbvacc86

  • MD5

    1d8a4c51d6b51bbfc4c3e58831d2a07e

  • SHA1

    7bd5e971d0ca54c1fa2a56cd6c1cd1137ddbfe6a

  • SHA256

    a6c58b30e74e4184d0c89f931589aa8310c4854432c50877614de10578118ebf

  • SHA512

    8baf6aeb2043ac221381d0e81ed709b162ba4e967e278be060daa7a7857f853a20ac9b7211c4dc5b89c5934e7e10f8e833a85a2426eaa2a6f3bce0a325b19517

  • SSDEEP

    196608:htMldQmRJ8dA6loVCy1ArqkVpKCX+PrF4ZIeghQvkTF2MJh:vcdQusloVrAZYCuPJOIeg+uQW

Score
7/10

Malware Config

Targets

    • Target

      ntokrnl.exe

    • Drops startup file

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks