176b2fbe38f0d14ee68c65c56e2731646473c0f51e92d3affd2048959fab6bd8 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

fixer (2).exe

windows11-21h2-x64

8

Resubmissions

25-04-2024 10:28

240425-mhrwhshh5t 8

25-04-2024 07:41

240425-jjfm4agh47 9

Sharing

General

Target

fixer (2).exe
Size

180KB
Sample

240425-mhrwhshh5t
MD5

db1841bfa15492d1f6a4b46e921068a4
SHA1

9526c45f7a9d59e0a5dda1b57ddbaf8425716e9e
SHA256

176b2fbe38f0d14ee68c65c56e2731646473c0f51e92d3affd2048959fab6bd8
SHA512

22110b41d057696ed5604c84fb40c881024cc8bb045135e258e6f7b0c5baac29d40b7b2b4cb1c4a3391ab2944b43c6b293ec628901abf6447124404111e41b18
SSDEEP

3072:jh+8/+IVkJZ5UkcGkKLv/YiJlNZ9pshMniWGkJAPXsPzljLD3rv8Gz:jh95UZ5L8KL3YirfbshMiWFusPzljLDV

Score

8^/10

bootkit evasion persistence ransomware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fixer (2).exe

Resource

win11-20240412-en

bootkit evasion persistence ransomware upx

windows11-21h2-x64

30 signatures

150 seconds

Malware Config

Targets

- Target
  
  fixer (2).exe
- Size
  
  180KB
- MD5
  
  db1841bfa15492d1f6a4b46e921068a4
- SHA1
  
  9526c45f7a9d59e0a5dda1b57ddbaf8425716e9e
- SHA256
  
  176b2fbe38f0d14ee68c65c56e2731646473c0f51e92d3affd2048959fab6bd8
- SHA512
  
  22110b41d057696ed5604c84fb40c881024cc8bb045135e258e6f7b0c5baac29d40b7b2b4cb1c4a3391ab2944b43c6b293ec628901abf6447124404111e41b18
- SSDEEP
  
  3072:jh+8/+IVkJZ5UkcGkKLv/YiJlNZ9pshMniWGkJAPXsPzljLD3rv8Gz:jh95UZ5L8KL3YirfbshMiWFusPzljLDV
Score

8^/10

bootkit evasion persistence ransomware upx
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Pre-OS Boot

Bootkit

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

bootkitevasionpersistenceransomwareupx

© 2018-2024

Terms | Privacy