Overview

overview

7

Static

static

7

bd7d1e0a20...98.exe

windows7-x64

7

bd7d1e0a20...98.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bd7d1e0a203111916192ec1c671b6998

  • Size

    1.6MB

  • Sample

    240310-delewsbb8w

  • MD5

    bd7d1e0a203111916192ec1c671b6998

  • SHA1

    1a24c81a1c4d42a4591c75f7a46a253d9cad4cec

  • SHA256

    ed7cd15bf8ae6894d25588f18441d3e7c431b8aac6653e57b352d7b5535b0b56

  • SHA512

    227d4a5ca4d08dc81120139adf75c6f87e2329c4a0f5055f0faec39a3dd845dff33dac154d327c67796cb27acfa6762666068568d0f95f847ae428e733a3111e

  • SSDEEP

    49152:dHKlAdzwgIrkUYSE/kxzHzHm/pdN8IBt69844NQFfqO:dqCRJCHzHkpdKmJCRqO

Score
7/10
bootkitpersistencevmprotect

Malware Config

Targets

    • Target

      bd7d1e0a203111916192ec1c671b6998

    • Size

      1.6MB

    • MD5

      bd7d1e0a203111916192ec1c671b6998

    • SHA1

      1a24c81a1c4d42a4591c75f7a46a253d9cad4cec

    • SHA256

      ed7cd15bf8ae6894d25588f18441d3e7c431b8aac6653e57b352d7b5535b0b56

    • SHA512

      227d4a5ca4d08dc81120139adf75c6f87e2329c4a0f5055f0faec39a3dd845dff33dac154d327c67796cb27acfa6762666068568d0f95f847ae428e733a3111e

    • SSDEEP

      49152:dHKlAdzwgIrkUYSE/kxzHzHm/pdN8IBt69844NQFfqO:dqCRJCHzHkpdKmJCRqO

    Score
    7/10
    bootkitpersistencevmprotect

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks