General

  • Target: 27d8da90b04774d8dc488c68a88bcaff
  • Size: 1.2MB
  • Sample: 231231-ew4s8sbha6
  • MD5: 27d8da90b04774d8dc488c68a88bcaff
  • SHA1: 73cd41a214ffd228afa8efad301b4c419ce2a022
  • SHA256: b962ca4ab70ca86d848ab69b132d0a4c7be9dd2a134af921151e020bca1b32fd
  • SHA512: 5f6bda939b69b2197b67f1a422d62eed5d504ed3598f2aecb3654db6b7507d87ad8fd79c0fc0a4036aab87c94f4e66f9b2fc53112d103021da3b0193c72551de
  • SSDEEP: 24576:7927wgPgg93QOobHOep9gfywCSsC0iaVvoXLOBwESNJkrQomGJ4:79gjAO0T7ST0FVvoXamgzmH

Score: 10/10

Malware Config

Targets

    • Target: Windows Vista Activation/Activate.exe
    • Size: 1.4MB
    • MD5: a24a3159f181f2b512ff7c76533ebb81
    • SHA1: 6fd539c29d49659ebc043c8b8e3ef27095fd63db
    • SHA256: 429fa50962dff9b6ed601b4926487c463a73043e9e6e5a420642412771faa6f8
    • SHA512: 55e38b5d2dd2505a075ddccc8a855e7de90361cfde5b53dead18185f090172869a226c7e52b5d9e47f2ef76ec68a4db2d7bac6b90bc21a7ca780fec3e469c56e
    • SSDEEP: 24576:/Qc5TVqCdqsoDthQs8KWuuLkQyQLO1D3rRJQXYeik9FPgvOt074doRxrrrrU8:/9AfiMiYdPRJQIe5qOt074doRxrrrrd

    Score: 10/10

    • Modifies WinLogon for persistence
    • Executes dropped EXE
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory
    • Suspicious use of SetThreadContext

    • Target: Windows Vista Activation/www.9down.com.url
    • Size: 110B
    • MD5: 0eabbbe6f73b64627e182a0c2e157f2f
    • SHA1: 505cd8280d1b8a26700c1b8f819f06d5c51130be
    • SHA256: 84a09e9b959a5394392978079bcffbd29034fa44699d1c1508c0e0a40e50132c
    • SHA512: f3d9498eab440911cd296664cab3ded87e0ffa49efedf689465c04b632ed17b360c1e43e2365919e051da54fa5dc2b89816c7009fb80b6f77d2ce6c7b26b700e

    Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks