a22808936ae16777a1e8e487eb886cbc45e032ff201ea51976643bb35964a343 | Triage

Submit
Reports

Overview

overview

Static

static

3

52b260d448...3f.exe

windows7-x64

52b260d448...3f.exe

windows10-2004-x64

Sharing

General

Target

52b260d4480a6819ffb6420cea89223f
Size

556KB
Sample

240111-ggs5asggd3
MD5

52b260d4480a6819ffb6420cea89223f
SHA1

6559245fbab93d03b600f8e6e259c562b9c540dc
SHA256

a22808936ae16777a1e8e487eb886cbc45e032ff201ea51976643bb35964a343
SHA512

4baf8ebbe388e17edc9b3e45efb23b83e29dba69fb1894aad00e3233666fa3a998a732e7b6eb747710a3bc3ef750d7c8241763b85776b07f6f69178e1bcff05c
SSDEEP

12288:lQF3+R4MnGSLdc9CzmZKW/zVU3j8QVZSRn0wgTsErsO/gbh:rldcM0H/zV4bOKwgq5

Score

10^/10

bootkit evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

52b260d4480a6819ffb6420cea89223f.exe

Resource

win7-20231215-en

bootkit evasion persistence trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

52b260d4480a6819ffb6420cea89223f.exe

Resource

win10v2004-20231215-en

bootkit persistence upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  52b260d4480a6819ffb6420cea89223f
- Size
  
  556KB
- MD5
  
  52b260d4480a6819ffb6420cea89223f
- SHA1
  
  6559245fbab93d03b600f8e6e259c562b9c540dc
- SHA256
  
  a22808936ae16777a1e8e487eb886cbc45e032ff201ea51976643bb35964a343
- SHA512
  
  4baf8ebbe388e17edc9b3e45efb23b83e29dba69fb1894aad00e3233666fa3a998a732e7b6eb747710a3bc3ef750d7c8241763b85776b07f6f69178e1bcff05c
- SSDEEP
  
  12288:lQF3+R4MnGSLdc9CzmZKW/zVU3j8QVZSRn0wgTsErsO/gbh:rldcM0H/zV4bOKwgq5
Score

10^/10

bootkit evasion persistence trojan upx
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Modifies Installed Components in the registry
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Modifies WinLogon
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Pre-OS Boot

Bootkit

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitevasionpersistencetrojanupx

behavioral2

bootkitpersistenceupx

© 2018-2024

Terms | Privacy