914c98a3776eb9e7b445d2f16af00a315583e12f25e24a724f2516842b7bae2b | Triage

Submit
Reports

Overview

overview

6

Static

static

1

anyrecover...up.exe

windows10-2004-x64

6

Sharing

General

Target

anyrecover-for-win_setup.exe
Size

4.2MB
Sample

231103-ahevqsbd43
MD5

37593a44498e843e12b690312422f35d
SHA1

fee32de3bdbe8dd8f8e91fe40cd44a3800b44e94
SHA256

914c98a3776eb9e7b445d2f16af00a315583e12f25e24a724f2516842b7bae2b
SHA512

16e894a1874ada5802626aa8abd870483c2428ae6985b39cc49b49304b9889227c05ec4ef59e98d5ac2488198b4daf50e129c94ab26a724dbbc684b98a783fc7
SSDEEP

49152:BAj55b415OiHE1rUDr4wpMS8C3SX4944YPyQZlyzIwZECxqa1uPzkh1xcfxD8Mju:B2415OiHEBUn48MS8cSX4BASVMU3+I

Score

6^/10

bootkit discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

anyrecover-for-win_setup.exe

Resource

win10v2004-20231020-en

bootkit discovery persistence

windows10-2004-x64

25 signatures

600 seconds

Malware Config

Targets

- Target
  
  anyrecover-for-win_setup.exe
- Size
  
  4.2MB
- MD5
  
  37593a44498e843e12b690312422f35d
- SHA1
  
  fee32de3bdbe8dd8f8e91fe40cd44a3800b44e94
- SHA256
  
  914c98a3776eb9e7b445d2f16af00a315583e12f25e24a724f2516842b7bae2b
- SHA512
  
  16e894a1874ada5802626aa8abd870483c2428ae6985b39cc49b49304b9889227c05ec4ef59e98d5ac2488198b4daf50e129c94ab26a724dbbc684b98a783fc7
- SSDEEP
  
  49152:BAj55b415OiHE1rUDr4wpMS8C3SX4944YPyQZlyzIwZECxqa1uPzkh1xcfxD8Mju:B2415OiHEBUn48MS8cSX4BASVMU3+I
Score

6^/10

bootkit discovery persistence
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Pre-OS Boot

Bootkit

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

© 2018-2025

Terms | Privacy