36f4a643b55ba7dcba92c8a8e1ef5f05bf2acc1d866ea1d8752a926f848cca44 | Triage

Sharing

General

Target

0283c9a695ebf1c3add7bfb617f52300
Size

1.4MB
Sample

231229-yspppagefp
MD5

0283c9a695ebf1c3add7bfb617f52300
SHA1

3e4c5c50baa1e8f0d06b2e7ab32a54eca531ed19
SHA256

36f4a643b55ba7dcba92c8a8e1ef5f05bf2acc1d866ea1d8752a926f848cca44
SHA512

64cb19a985b87d23301e3d669d2a259d0da9bdd912bb69f3cc24d70846a57b6199f8c40a3239c04cf98806b9b43a1f3acc5f51a8f6786cb07c0b71626b70e3a2
SSDEEP

24576:tzOhQ7KVjevbA1aHV6SeQlLa1JI5goeHgtiFmTX391gTbYLS75vLqHA7ek:jyjSbbVK8GI2ohtd3jgp7NL57ek

Score

7^/10

bootkit evasion persistence trojan

Malware Config

Targets

- Target
  
  BugFire_Inject.exe
- Size
  
  937KB
- MD5
  
  fc5e99484fa6ebcfb9e863e6252ad003
- SHA1
  
  583cd422ffaa77c03b7aa0ab746a7704ad26f948
- SHA256
  
  7b46b1599b5b589b74607d1baa28ff398ee677699ee9eba0ccb7a4149bf781ae
- SHA512
  
  9cda297d59f43336d33dee820ff3cc7d91e597833ee71062c88162eede953d920f94d6e7bdcea01d5456c4dd0743b96b73307f6782be393eef93b32fa3db399e
- SSDEEP
  
  12288:FDnOb6nncl14ULj7GZ8DnQZt/Mi2SCR8RBoSHzjKjCpXxIS/e3P888888888888B:obEcl15LjaZ8DQZt7kGBoSHzjKjY
Score

3^/10
behavioral1 behavioral2
- Target
  
  CrossFire WallHack by F.R.sesin/CF-Inject.exe
- Size
  
  804KB
- MD5
  
  04f837132953fb007d1333eeabb77655
- SHA1
  
  9a756c0c3a650a7350825b7c5b85dfdad471ade8
- SHA256
  
  8849fb37089286839e9b7a488da619870714a86f7e2f25cec386b3652902cffb
- SHA512
  
  caee2bace240b54e16527ee4f9021cdbfec702631a93f1be3be16081dcf3aa79efe9aff8122ae027c0d42df70969d083cfa1d454a676ad2ee5b29610183e109e
- SSDEEP
  
  24576:tewaMhX281y6QCZZZ4mVFb9PGpyFqbID6:vXZ1y6QCZ8mVTKyFq
Score

7^/10

bootkit evasion persistence trojan
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  CrossFire WallHack by F.R.sesin/CFHack.dll
- Size
  
  36KB
- MD5
  
  2c39a91813a95c70034d0700c31e07c8
- SHA1
  
  7f38765d499f913b738703ffae861f28cc6eacff
- SHA256
  
  197264a261b50d0c9b7cf352ddf12c1e8c0ccfb055d09d3e7b68f1f14c1cb702
- SHA512
  
  3b5b36cac86ac7438b41cee251a79b2f773c6560a6d981bdbddd2e7e273935d774831a3c0583c87d2646b953a372dfcf9d8be7f5b4c1540dee8f65c7380285ff
- SSDEEP
  
  768:kE2yuTbulwUo+Mt4nESliB9Uf2f3+snN58zo4r:ruTb0oNSnH4Xoo
Score

1^/10
behavioral5 behavioral6
- Target
  
  bugfire/withInstaDefuseandNoWepChange.dll
- Size
  
  303KB
- MD5
  
  a4860c8dcb95d1e655d9e3b1887718e3
- SHA1
  
  36d1b3562720a61db20fb67850ddb863fb4811c3
- SHA256
  
  ff045c3b2a01b35dc6d39e05c233b4d8b5603a3e1411ee9408ccd968ff7808dd
- SHA512
  
  852ea7e248e2dc7c5f2365638070ec83a4fd267fd12b7781a43e501ed4231d7fe73262aa3aaa78c3186feab2097b231344a3b6227042a5e99c65670e2f663453
- SSDEEP
  
  6144:wuqctITXxcZcyGUtvNJNI9iiYDh2i888888888888W88888888888:DOQcyRXCdYDhF888888888888W88888P
Score

1^/10
behavioral7 behavioral8
- Target
  
  bugfire/withNoWepChangewoInstaDefuse.dll
- Size
  
  303KB
- MD5
  
  81854cac9b6a04666e0d92ea62256641
- SHA1
  
  22652ac71dd1123dca31e215101ca40b70ca95a3
- SHA256
  
  cee65c35cd586320409e519f34ef36db730f8d1c3d4b3c07bbdfeb83221a9121
- SHA512
  
  0ac2c86ab0157c07ac96e02e305068a6a5151308552ecb621bc5e9dad6dbb485a5cae739004da7e95ae416075556a66273ba74002afd2b1b99a940f29a75ad67
- SSDEEP
  
  6144:BuqctITXxcZcyGUtvNJNI9iiYwh2m888888888888W88888888888:kOQcyRXCdYwhp888888888888W88888P
Score

1^/10
behavioral10 behavioral9
- Target
  
  bugfire/woNoWepChangeandwoInstaDefuse.dll
- Size
  
  303KB
- MD5
  
  8e36e27b1d47af73b53582c7b651c6e2
- SHA1
  
  746020b6e7eab317fb3de5731ac378bb3c0a2607
- SHA256
  
  0b2095fb6c0440e7f196ace4094739bff6a82c8941c70d3677541911bee0c3b4
- SHA512
  
  27295f35b95c47f2c98a23f6ddf80418edfe0c790a830aa345762d67f435b4c16fadbd8da0062d749d42635fc8ab42b0786e4325971497bf79109fdc8116e355
- SSDEEP
  
  6144:KuqctITXxcZcyGUtvNJNI9iiY/h2c888888888888W88888888888:5OQcyRXCdY/hf888888888888W88888P
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

bootkitevasionpersistencetrojan

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12