General

  • Target

    4d911b3b1cc9a41b6b94d95f778df1a7

  • Size

    520KB

  • Sample

    231226-c8ezjaafdk

  • MD5

    4d911b3b1cc9a41b6b94d95f778df1a7

  • SHA1

    11766a112a05c64951b0226d700f4d3864493811

  • SHA256

    51cd14c4a8482edb9a81f7037b927cc43194543e7a82a73ecf9b8eddddf67354

  • SHA512

    93347a38cdcd277cf093d6f5af762dcbafb1b72705e45bf198b1cac2d6c27b17e58f2ff2404439f7ed397c7b63d70e1b9a4d35e451c29b89c284eee5326398c5

  • SSDEEP

    6144:TeTs0hGq2xVCbmDLuO+AT3pUh5/ZAGjPBjFJF:/0Eq2x1fu6uVPBLF

Score
7/10

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks