d88193b1bd5218c0a14f7956bd957b09b3bab68ad279459b18a8b48323b79046 | Triage

Submit
Reports

Overview

overview

8

Static

static

7

d88193b1bd...6b.exe

windows7-x64

8

d88193b1bd...6b.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

d88193b1bd5218c0a14f7956b.exe
Size

5.3MB
Sample

230704-xpgdgahh5z
MD5

5f6f01c02dd671569bc0794e5dd689fd
SHA1

0d7108dd4b73ff994ca861254df7f1dda65adcd4
SHA256

d88193b1bd5218c0a14f7956bd957b09b3bab68ad279459b18a8b48323b79046
SHA512

1ff4c48a97ff027b9deda2f2dc110c678d19276cbf8f64986a10ab2c17eb97086ab580ee21e4889b16e6e4238ce1043e95bf40cf6d4b0c6d35856f68f681a520
SSDEEP

98304:IcqEQFUDGfIv0jBY29C7Twsc2ErlvsoQG8y0Wu2gvE/E4L2si9vuquc:uQGwv0jPAEZ2G8y0Wu2OE84xLc

Score

8^/10

bootkit persistence vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d88193b1bd5218c0a14f7956b.exe

Resource

win7-20230703-en

bootkit persistence vmprotect

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

d88193b1bd5218c0a14f7956b.exe

Resource

win10v2004-20230703-en

bootkit persistence vmprotect

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  d88193b1bd5218c0a14f7956b.exe
- Size
  
  5.3MB
- MD5
  
  5f6f01c02dd671569bc0794e5dd689fd
- SHA1
  
  0d7108dd4b73ff994ca861254df7f1dda65adcd4
- SHA256
  
  d88193b1bd5218c0a14f7956bd957b09b3bab68ad279459b18a8b48323b79046
- SHA512
  
  1ff4c48a97ff027b9deda2f2dc110c678d19276cbf8f64986a10ab2c17eb97086ab580ee21e4889b16e6e4238ce1043e95bf40cf6d4b0c6d35856f68f681a520
- SSDEEP
  
  98304:IcqEQFUDGfIv0jBY29C7Twsc2ErlvsoQG8y0Wu2gvE/E4L2si9vuquc:uQGwv0jPAEZ2G8y0Wu2OE84xLc
Score

8^/10

bootkit persistence vmprotect
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistencevmprotect

behavioral2

bootkitpersistencevmprotect

© 2018-2025

Terms | Privacy