General

  • Target

    25160d2e951384c9d246cdca92bf4b170cc06506ee774f12b973ce952ff28db1

  • Size

    6.0MB

  • Sample

    231124-e6x4fage8y

  • MD5

    66eb05f9264206013fb6754aabc6ffe1

  • SHA1

    8230b3d01db0b47221bed8e8a8abad64ef133e82

  • SHA256

    25160d2e951384c9d246cdca92bf4b170cc06506ee774f12b973ce952ff28db1

  • SHA512

    e49344087b298180674bd12fe9f78b4afdbccfa25c04a648ff470a459c5bbb1a04e0f82208082c43f23d4dbf9f9559d7f8c1d10a8f0fcfaba5598e6f8b3fa6c7

  • SSDEEP

    98304:c0G1E13HhStHxV8ItdWEZ3Xy3cB27OgUWZHwuS2JBAUZLS:nGxV8It/JiY2sWpJVu

Malware Config

Targets

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks