da8dd46620e9f222d2375bbb7044d854c049c52212f4f280f3e50576a5abf56f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

50dda77cc11f7acf2a54530483fed313
Size

19.2MB
Sample

240110-sbh8pahedp
MD5

50dda77cc11f7acf2a54530483fed313
SHA1

fd7a1c44af963ba7c79cb1464e05efaad7bb62b1
SHA256

da8dd46620e9f222d2375bbb7044d854c049c52212f4f280f3e50576a5abf56f
SHA512

47ceb3d7340f3075c2153d4d54fcf18a6e48d233b1f24697ee621a83d60e58633b27c12a2565fc6a7585362ff3ced7f0afc6d4b54c3e066090760b1c90148c54
SSDEEP

393216:9tPIeNPlrMvT30tgicp71+21v+YQucxrMk/60o/3dMPrPaSJRgd:DQedlr0301cx1+213IIZ0ZrPXJC

Score

7^/10

bootkit persistence upx

Malware Config

Targets

- Target
  
  Crack/MyTheatre.exe
- Size
  
  3.4MB
- MD5
  
  e7eb69b747f835c6b1ce06af9b8e81a0
- SHA1
  
  c1193076c8cd29923c76ea274dbf618f51e780b1
- SHA256
  
  f8b2b8b5022feacdc01478273052224f2382aff07f63be17be28b527bde07c63
- SHA512
  
  518a3c90e5d1872f0596c99e445db12ba19e80f59851f83f28c5ab069269c688bd94869b15ae95df7ff40c4e154e0532c6b97cb2efcdc219463500f178947ea6
- SSDEEP
  
  98304:SDWSB6Fk2Ww/5nZM99/Q22I4omLRXlw1zRUVqeepzsm1d5PMXBFechyfx:jXdxJazb4VRK1rljh0FmJ
Score

7^/10

bootkit persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  MyTheatre.v3.38.exe
- Size
  
  15.9MB
- MD5
  
  73af3b631fa24cc2d5f5129f2904c4a7
- SHA1
  
  818349edaaaea53c9c3374f67ed955de7e5da117
- SHA256
  
  81b0b2000c53876e605df451baa072f002c118aa6ab08b2a3ed742f9624e953f
- SHA512
  
  683696e5e904917e37aa6ed0243f34318d0d1c040c7810b24ee16783ed6fd0ee70334a2cb3c2498e42ddd8775f8cf10da4667d8cfd5ef9c9224e6c0f5591e11e
- SSDEEP
  
  393216:PMvT30tgicp71+21v+YQucxrMk/60o/3dMPrPaSJRgx:P0301cx1+213IIZ0ZrPXJe
Score

7^/10
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  安装说明.url
- Size
  
  260B
- MD5
  
  ed83e978f409fcebba2825b084f2c140
- SHA1
  
  4548b5565354024dff5f387fa825fce7d11e67fe
- SHA256
  
  ac996e7c6b803289cbb4eb6cd62cc7e63dcd456aa18dd7fa88aed066b06218ac
- SHA512
  
  2257a6118aac1a6368749357433e037798d1765dee71addb73fa3e98b27335bf7000786a0814d6a5b3a5f63eb25f13e49559da8e192f48dd230d1c344763a377
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistenceupx

behavioral2

bootkitpersistenceupx

behavioral3

behavioral4

behavioral5

behavioral6