Overview

overview

10

Static

static

1

MalwareDatabase

windows10-2004-x64

Resubmissions

23-02-2024 17:14

240223-vr1h1seg8z 10

23-02-2024 17:12

240223-vq45taeg8t 1

23-02-2024 17:03

240223-vk48madg45 8

23-02-2024 17:03

240223-vkpsyaeg2s 1

23-02-2024 16:59

240223-vhmkssef7z 6

23-02-2024 16:49

240223-vbvmtsde58 10

23-02-2024 16:45

240223-t9wgcade26 4

23-02-2024 16:38

240223-t5gsdsdd24 6

23-02-2024 16:35

240223-t3x2ladc79 6

23-02-2024 16:33

240223-t22ndsec5v 1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MalwareDatabase

  • Size

    285KB

  • Sample

    240223-vr1h1seg8z

  • MD5

    8adbc73e595f87a63b1efe9dc51ce993

  • SHA1

    942d0f1b51055b5f0ae1f319c4509da66f8295d8

  • SHA256

    3cc951ba5d33757ea90766b47a7174ed5b1c7600f5f47d418e3b1fcfabe54f7e

  • SHA512

    c70bd77e192dc1c5da185d37b021c0cc23649512e8c9b9b46959fe488438ba3e8c4538bddd076ad232fc02e87727175bd15387c098b695c2f1556445bb0ec8ed

  • SSDEEP

    6144:iDuqJ5fBrVSgE29xxspm0n1vuz3U9ovZJT3CqbMrhryfQNRPaCieMjAkvCJv1Vi/:afBrVSgE29xxspm0n1vuz3U9ovZJT3CU

Score
10/10
bootkitdiscoveryevasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      MalwareDatabase

    • Size

      285KB

    • MD5

      8adbc73e595f87a63b1efe9dc51ce993

    • SHA1

      942d0f1b51055b5f0ae1f319c4509da66f8295d8

    • SHA256

      3cc951ba5d33757ea90766b47a7174ed5b1c7600f5f47d418e3b1fcfabe54f7e

    • SHA512

      c70bd77e192dc1c5da185d37b021c0cc23649512e8c9b9b46959fe488438ba3e8c4538bddd076ad232fc02e87727175bd15387c098b695c2f1556445bb0ec8ed

    • SSDEEP

      6144:iDuqJ5fBrVSgE29xxspm0n1vuz3U9ovZJT3CqbMrhryfQNRPaCieMjAkvCJv1Vi/:afBrVSgE29xxspm0n1vuz3U9ovZJT3CU

    Score
    10/10
    bootkitdiscoveryevasionpersistencespywarestealertrojan

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Sets service image path in registry

      persistence

    • Uses Session Manager for persistence

      Creates Session Manager registry key to run executable early in system boot.

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Registers COM server for autorun

      persistence

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks