Overview

overview

8

Static

static

3

a0c64311d0...52.exe

windows7-x64

8

a0c64311d0...52.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    a0c64311d07a13857d447ba27b546873cc7f762849615ca3025888545f7dfb52

  • Size

    1.1MB

  • Sample

    231002-mwbfpahc2z

  • MD5

    7b4c1e372599d42c889ff2b02adb139f

  • SHA1

    4b2f6c44f8ddbc7ea5280fcdd142fcd688c83dba

  • SHA256

    a0c64311d07a13857d447ba27b546873cc7f762849615ca3025888545f7dfb52

  • SHA512

    6727e04dc245c19ff42e7ec234c6ff03e3445a9efc75a9869588fb232b522796be111e3d16fa12ad49230a46cb1081d9022931fdb6565a25a93c9c5efdbe2e34

  • SSDEEP

    12288:wTEn2Nnmxz36J1Pn/CdEIIdKuDm5cer9v10xna+yG72Hr1mZ5aAY:w7Nmxj6DP/COp+rga+yGGZmZ51Y

Score
8/10
bootkitevasionpersistenceransomware

Malware Config

Targets

    • Target

      a0c64311d07a13857d447ba27b546873cc7f762849615ca3025888545f7dfb52

    • Size

      1.1MB

    • MD5

      7b4c1e372599d42c889ff2b02adb139f

    • SHA1

      4b2f6c44f8ddbc7ea5280fcdd142fcd688c83dba

    • SHA256

      a0c64311d07a13857d447ba27b546873cc7f762849615ca3025888545f7dfb52

    • SHA512

      6727e04dc245c19ff42e7ec234c6ff03e3445a9efc75a9869588fb232b522796be111e3d16fa12ad49230a46cb1081d9022931fdb6565a25a93c9c5efdbe2e34

    • SSDEEP

      12288:wTEn2Nnmxz36J1Pn/CdEIIdKuDm5cer9v10xna+yG72Hr1mZ5aAY:w7Nmxj6DP/COp+rga+yGGZmZ51Y

    Score
    8/10
    bootkitevasionpersistenceransomware

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks