netfilter | 94e3a8f25dbff86ee6fe11ee045b70055357c08ae1723598a361c96eac5e2c24 | Triage

Submit
Reports

Overview

overview

Static

static

Rootkits &...ts.zip

windows10-2004-x64

7

Resubmissions

06-11-2023 21:21

231106-z7fk1afc7y 10

06-11-2023 21:09

231106-zzlgaafb6s 10

Sharing

General

Target

Rootkits & Bootkits.zip
Size

99.1MB
Sample

231106-z7fk1afc7y
MD5

daa4a303815b2f4b3383ae4e9cb9d70b
SHA1

71ad3c455f33dff881e05816d87f43e48b6a5084
SHA256

94e3a8f25dbff86ee6fe11ee045b70055357c08ae1723598a361c96eac5e2c24
SHA512

7c2fd76a9fc12382df8abb3ad459dc962ffe07ff03fd4801eb6a68e0802df9b5a1136fec3d421ffcfb387033ea9de3d302a878f1a901257be03f6271574557fa
SSDEEP

1572864:Hz9VYu6kNhSQlSkdCUZdoinM59VVzg4dPC7v9A17V3nBDlxn3hqzLpPr:TQk/HHnMHkHBA17lnTqpPr

Score

10^/10

netfilter r77 pyinstaller upx vmprotect

Static task

static1

pyinstaller vmprotect netfilter r77

9 signatures

Behavioral task

behavioral1

Sample

Rootkits & Bootkits.zip

Resource

win10v2004-20231023-en

windows10-2004-x64

12 signatures

1200 seconds

Malware Config

Targets

- Target
  
  Rootkits & Bootkits.zip
- Size
  
  99.1MB
- MD5
  
  daa4a303815b2f4b3383ae4e9cb9d70b
- SHA1
  
  71ad3c455f33dff881e05816d87f43e48b6a5084
- SHA256
  
  94e3a8f25dbff86ee6fe11ee045b70055357c08ae1723598a361c96eac5e2c24
- SHA512
  
  7c2fd76a9fc12382df8abb3ad459dc962ffe07ff03fd4801eb6a68e0802df9b5a1136fec3d421ffcfb387033ea9de3d302a878f1a901257be03f6271574557fa
- SSDEEP
  
  1572864:Hz9VYu6kNhSQlSkdCUZdoinM59VVzg4dPC7v9A17V3nBDlxn3hqzLpPr:TQk/HHnMHkHBA17lnTqpPr
Score

7^/10

upx vmprotect
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

pyinstallervmprotectnetfilterr77

behavioral1

© 2018-2024

Terms | Privacy