86672606e2c825d037b853e4d452826f4b2c8e99e73295c66073b43c68aad11a | Triage

Submit
Reports

Overview

overview

8

Static

static

1

sample.html

windows10-2004-x64

8

Resubmissions

03-05-2024 16:06

240503-tkfplaag3y 6

03-05-2024 16:00

240503-tf5g6ade47 8

03-05-2024 15:57

240503-tebtfsde22 10

Sharing

General

Target

sample
Size

20KB
Sample

240503-tf5g6ade47
MD5

170c9de7c0e854c7c329fcb10ce0639a
SHA1

6f1be01abd2bf70d9cd3c4572150ded661845d8e
SHA256

86672606e2c825d037b853e4d452826f4b2c8e99e73295c66073b43c68aad11a
SHA512

15ba7d73d8fae8badc8546a23f0dec38fb476972ae0d1c83d3551d1d1e4e63fae51b01e25dc35a0a7ce815f1a386e0b43d2f8b0fb7aeac868eb57912bf83126d
SSDEEP

384:roN7VzbCFDpmReVoOs4yi9ylKeGMaU8HhhbKrui77S2LjMrSb+0IJCgMmVn:ro7iBVoOs4ymyI1MQBhbYBrMrSeJ2mVn

Score

8^/10

bootkit discovery evasion exploit persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

sample.html

Resource

win10v2004-20240419-en

bootkit discovery evasion exploit persistence upx

windows10-2004-x64

23 signatures

1800 seconds

Malware Config

Targets

- Target
  
  sample
- Size
  
  20KB
- MD5
  
  170c9de7c0e854c7c329fcb10ce0639a
- SHA1
  
  6f1be01abd2bf70d9cd3c4572150ded661845d8e
- SHA256
  
  86672606e2c825d037b853e4d452826f4b2c8e99e73295c66073b43c68aad11a
- SHA512
  
  15ba7d73d8fae8badc8546a23f0dec38fb476972ae0d1c83d3551d1d1e4e63fae51b01e25dc35a0a7ce815f1a386e0b43d2f8b0fb7aeac868eb57912bf83126d
- SSDEEP
  
  384:roN7VzbCFDpmReVoOs4yi9ylKeGMaU8HhhbKrui77S2LjMrSb+0IJCgMmVn:ro7iBVoOs4ymyI1MQBhbYBrMrSeJ2mVn
Score

8^/10

bootkit discovery evasion exploit persistence upx
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Executes dropped EXE
- Modifies file permissions
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Modifies boot configuration data using bcdedit
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionexploitpersistenceupx

© 2018-2025

Terms | Privacy