Overview

overview

8

Static

static

1

XunLeiWebS...dl.exe

windows7-x64

8

XunLeiWebS...dl.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    XunLeiWebSetup10.1.18.500dl.exe

  • Size

    4.3MB

  • Sample

    230721-wfq1wagh3w

  • MD5

    325672640e45536fff962a44b0696118

  • SHA1

    1c7da13a614a889b7d19d5bdcd2eaf91cd44bbae

  • SHA256

    34823b21f19729474452aef3cd77a533cc00828184ec0527384c0c3f0ca3d118

  • SHA512

    e5229aed7adb5a968ace8ffea3754ffed453a4989d0e67bf8e269da5e264f627fc9cd2c567e0544d3cbb9202a1719bafee6a32b8a7f020a34132c907f8c2213c

  • SSDEEP

    98304:DDUV8CMjcqzgRARtrrltF4SLPpooaQZAQE:DDw8ChCRtrpkSRdZW

Score
8/10
bootkitevasionpersistence

Malware Config

Targets

    • Target

      XunLeiWebSetup10.1.18.500dl.exe

    • Size

      4.3MB

    • MD5

      325672640e45536fff962a44b0696118

    • SHA1

      1c7da13a614a889b7d19d5bdcd2eaf91cd44bbae

    • SHA256

      34823b21f19729474452aef3cd77a533cc00828184ec0527384c0c3f0ca3d118

    • SHA512

      e5229aed7adb5a968ace8ffea3754ffed453a4989d0e67bf8e269da5e264f627fc9cd2c567e0544d3cbb9202a1719bafee6a32b8a7f020a34132c907f8c2213c

    • SSDEEP

      98304:DDUV8CMjcqzgRARtrrltF4SLPpooaQZAQE:DDw8ChCRtrpkSRdZW

    Score
    8/10
    bootkitevasionpersistence

    • Modifies Windows Firewall

      evasion

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks