c8ae6d4acbcc5e97f7a2a67e7ea2f6e2efb4bdd1b46ccd92f4e109a6610c5eff | Triage

Submit
Reports

Overview

overview

7

Static

static

7

c8ae6d4acb...ff.exe

windows7-x64

7

c8ae6d4acb...ff.exe

windows10-2004-x64

7

Sharing

General

Target

c8ae6d4acbcc5e97f7a2a67e7ea2f6e2efb4bdd1b46ccd92f4e109a6610c5eff
Size

3.3MB
Sample

231010-c7wkwscb89
MD5

b9f4a373a4aa3a852ea6722c3f462011
SHA1

bf4cf7921dec1fc92c6af17c9cb9e3b6c5020579
SHA256

c8ae6d4acbcc5e97f7a2a67e7ea2f6e2efb4bdd1b46ccd92f4e109a6610c5eff
SHA512

9a987c2b95a20fe6df2cae639057597d9f6387eb8157c33cb056e19b98215173d347c40fdf79ccd5e36b90fba71a1c1723cc955318fca62ae65e3da625e17e29
SSDEEP

98304:lJv4YWT4keGE1BVEFBna2R1RBrEw5aV+X9NjVtCD:lJv4Ye4kqVEFBna2pBowz

Score

7^/10

bootkit persistence vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

c8ae6d4acbcc5e97f7a2a67e7ea2f6e2efb4bdd1b46ccd92f4e109a6610c5eff.exe

Resource

win7-20230831-en

bootkit persistence vmprotect

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

c8ae6d4acbcc5e97f7a2a67e7ea2f6e2efb4bdd1b46ccd92f4e109a6610c5eff.exe

Resource

win10v2004-20230915-en

bootkit persistence vmprotect

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  c8ae6d4acbcc5e97f7a2a67e7ea2f6e2efb4bdd1b46ccd92f4e109a6610c5eff
- Size
  
  3.3MB
- MD5
  
  b9f4a373a4aa3a852ea6722c3f462011
- SHA1
  
  bf4cf7921dec1fc92c6af17c9cb9e3b6c5020579
- SHA256
  
  c8ae6d4acbcc5e97f7a2a67e7ea2f6e2efb4bdd1b46ccd92f4e109a6610c5eff
- SHA512
  
  9a987c2b95a20fe6df2cae639057597d9f6387eb8157c33cb056e19b98215173d347c40fdf79ccd5e36b90fba71a1c1723cc955318fca62ae65e3da625e17e29
- SSDEEP
  
  98304:lJv4YWT4keGE1BVEFBna2R1RBrEw5aV+X9NjVtCD:lJv4Ye4kqVEFBna2pBowz
Score

7^/10

bootkit persistence vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistencevmprotect

behavioral2

bootkitpersistencevmprotect

© 2018-2024

Terms | Privacy