Overview

overview

7

Static

static

3

c4d3c80d9a...5a.exe

windows7-x64

7

c4d3c80d9a...5a.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    c4d3c80d9a96d61d2625698a8b64385a

  • Size

    431KB

  • Sample

    240313-dqcl5add57

  • MD5

    c4d3c80d9a96d61d2625698a8b64385a

  • SHA1

    90084e59306dcef4aa2dd1dc202b8ccc83c8ef5e

  • SHA256

    e1a1fc9a223ba456da15b2abbf997b671bd20847c2ccc889f5044eb93553c785

  • SHA512

    ac3b87d09c24309096be703ba0743d9b75082c51416b160a7117836b1d93a8d2be73d7cb51e7933ac76cb033ff343a5a13c729a8b8305c67944648499b0a0184

  • SSDEEP

    12288:Q3bllAjNjrRnpwPA1l+f9sRIn+KkoXx7nzA5:Q3DAjNjrhpw410pkG5zA5

Score
7/10
bootkitpersistenceupx

Malware Config

Targets

    • Target

      c4d3c80d9a96d61d2625698a8b64385a

    • Size

      431KB

    • MD5

      c4d3c80d9a96d61d2625698a8b64385a

    • SHA1

      90084e59306dcef4aa2dd1dc202b8ccc83c8ef5e

    • SHA256

      e1a1fc9a223ba456da15b2abbf997b671bd20847c2ccc889f5044eb93553c785

    • SHA512

      ac3b87d09c24309096be703ba0743d9b75082c51416b160a7117836b1d93a8d2be73d7cb51e7933ac76cb033ff343a5a13c729a8b8305c67944648499b0a0184

    • SSDEEP

      12288:Q3bllAjNjrRnpwPA1l+f9sRIn+KkoXx7nzA5:Q3DAjNjrhpw410pkG5zA5

    Score
    7/10
    bootkitpersistenceupx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks