9a36b881c9de874aee880bbb2f990bd84c6dad5cc396c188251a185f8e4a9b4e | Triage

Submit
Reports

Overview

overview

Static

static

1

malware

windows11-21h2-x64

Sharing

General

Target

malware
Size

292KB
Sample

240428-asfj1sbh85
MD5

3a39d91741e5de0301da31e22db954e5
SHA1

e4a068292ec2fef1634e1212aae81ef4699d9364
SHA256

9a36b881c9de874aee880bbb2f990bd84c6dad5cc396c188251a185f8e4a9b4e
SHA512

5dfa19e1a366fc2f9ddf72f5f22c07d254106f26b1fac252ccf79c96f7e05e220cf8ad18d16acb0511eda41e3e51946c07666d383f1c5ba9f9699236a57f5f1c
SSDEEP

6144:rHQhR2n9ddKM2vkm0aWyRv3W9MvZJT3CqbMrhryfQNRPaCieMjAkvCJv1Vi0Zgt9:zQhR2n9ddKM2vkm0aWyRv3W9MvZJT3CU

Score

10^/10

bootkit evasion persistence ransomware trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

malware

Resource

win11-20240426-en

bootkit evasion persistence ransomware trojan upx

windows11-21h2-x64

27 signatures

1800 seconds

Malware Config

Targets

- Target
  
  malware
- Size
  
  292KB
- MD5
  
  3a39d91741e5de0301da31e22db954e5
- SHA1
  
  e4a068292ec2fef1634e1212aae81ef4699d9364
- SHA256
  
  9a36b881c9de874aee880bbb2f990bd84c6dad5cc396c188251a185f8e4a9b4e
- SHA512
  
  5dfa19e1a366fc2f9ddf72f5f22c07d254106f26b1fac252ccf79c96f7e05e220cf8ad18d16acb0511eda41e3e51946c07666d383f1c5ba9f9699236a57f5f1c
- SSDEEP
  
  6144:rHQhR2n9ddKM2vkm0aWyRv3W9MvZJT3CqbMrhryfQNRPaCieMjAkvCJv1Vi0Zgt9:zQhR2n9ddKM2vkm0aWyRv3W9MvZJT3CU
Score

10^/10

bootkit evasion persistence ransomware trojan upx
- UAC bypass
  evasion trojan
- Disables Task Manager via registry modification
  evasion
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Pre-OS Boot

Bootkit

Scheduled Task/Job

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

bootkitevasionpersistenceransomwaretrojanupx

© 2018-2024

Terms | Privacy