Overview

overview

10

Static

static

3

00776ad129...e1.exe

windows7-x64

10

00776ad129...e1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    00776ad129ddfb3b3a100b5ec5fdace1

  • Size

    312KB

  • Sample

    231225-c5mvzacacp

  • MD5

    00776ad129ddfb3b3a100b5ec5fdace1

  • SHA1

    0616d53a85567ea2873ebc689e167e7c2c90736a

  • SHA256

    449bb21e1f462ef1844b64dd96919d0b90828c135d103703fb2aa250eb094a55

  • SHA512

    a7a87d1dbbe15988e5b12295bff9e4b3051488aa2fa3f1beaa8caf19c058c69242f26d29c87aa92634d12474dc6fc865d402a3def3cce6ad97f602ff0d25ab6d

  • SSDEEP

    6144:s9ajfKJ8rrvZDUQySRbmgv98sf2zwn49WsN7:s9aLKj08sbVO

Score
10/10
bootkitevasionpersistenceupx

Malware Config

Targets

    • Target

      00776ad129ddfb3b3a100b5ec5fdace1

    • Size

      312KB

    • MD5

      00776ad129ddfb3b3a100b5ec5fdace1

    • SHA1

      0616d53a85567ea2873ebc689e167e7c2c90736a

    • SHA256

      449bb21e1f462ef1844b64dd96919d0b90828c135d103703fb2aa250eb094a55

    • SHA512

      a7a87d1dbbe15988e5b12295bff9e4b3051488aa2fa3f1beaa8caf19c058c69242f26d29c87aa92634d12474dc6fc865d402a3def3cce6ad97f602ff0d25ab6d

    • SSDEEP

      6144:s9ajfKJ8rrvZDUQySRbmgv98sf2zwn49WsN7:s9aLKj08sbVO

    Score
    10/10
    bootkitevasionpersistenceupx

    • Modifies firewall policy service

      evasion

    • Adds policy Run key to start application

      persistence

    • Modifies Installed Components in the registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks