b75fb381e3bfc708fb2ae57fe9ddcba282b08bbe5790449af56dde30d7c5b371 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

a994e6555f...77.exe

windows7-x64

9

a994e6555f...77.exe

windows10-2004-x64

9

Sharing

General

Target

a994e6555f2de587dd8f5a011e372077
Size

1.3MB
Sample

240227-tlyxkadg5x
MD5

a994e6555f2de587dd8f5a011e372077
SHA1

b6ed70695b034f6959ea522d0e760e68434e4602
SHA256

b75fb381e3bfc708fb2ae57fe9ddcba282b08bbe5790449af56dde30d7c5b371
SHA512

0267a110df617d94949224cb0fba57ecd7f834fc068b21437a6b9593b933f9f59efbfd37251a24ff0afa67d758f47a27daea1b91ba2da8844fefa85570456777
SSDEEP

24576:z2XEn3Bn3mvCJHeABSuAcVzVdRMHzkyKD8+NdBsd0NBX7WrZE:Kql3zleAb3VdoUNJBrM2

Score

9^/10

bootkit evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a994e6555f2de587dd8f5a011e372077.exe

Resource

win7-20240221-en

bootkit evasion persistence

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

a994e6555f2de587dd8f5a011e372077.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  a994e6555f2de587dd8f5a011e372077
- Size
  
  1.3MB
- MD5
  
  a994e6555f2de587dd8f5a011e372077
- SHA1
  
  b6ed70695b034f6959ea522d0e760e68434e4602
- SHA256
  
  b75fb381e3bfc708fb2ae57fe9ddcba282b08bbe5790449af56dde30d7c5b371
- SHA512
  
  0267a110df617d94949224cb0fba57ecd7f834fc068b21437a6b9593b933f9f59efbfd37251a24ff0afa67d758f47a27daea1b91ba2da8844fefa85570456777
- SSDEEP
  
  24576:z2XEn3Bn3mvCJHeABSuAcVzVdRMHzkyKD8+NdBsd0NBX7WrZE:Kql3zleAb3VdoUNJBrM2
Score

9^/10

bootkit evasion persistence
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistence

behavioral2

© 2018-2024

Terms | Privacy