d54cd7a1079555d90a0c80d2a9510cba0357290b9e29b585080411040eef0e3f | Triage

Submit
Reports

Overview

overview

8

Static

static

1

MacDrive 1...up.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

MacDrive 11.1.0.26 Setup.exe
Size

10.6MB
Sample

240505-n6d51ahd4y
MD5

12f146396ca3c7f65c479e9f8f80cef3
SHA1

74c0b84efacb9ffa0341fa9aea7cf1f232710413
SHA256

d54cd7a1079555d90a0c80d2a9510cba0357290b9e29b585080411040eef0e3f
SHA512

588247516b132876d3d52b2f9d59273da0e4b10598d89d0d4fdfc1e68cc9094149d2649f484db8ca9a250e3bd2f0b402851359b363284c8b7f089d9eb249e689
SSDEEP

196608:dle10tPVJ2oSle5QA5coSd7Tzg3535We0yc62CcTpx6d1S06XsvbarmLFpPn/w:dl00RGlAuAuX9XCcTpx6d1S0HjuypP/w

Score

8^/10

bootkit discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

MacDrive 11.1.0.26 Setup.exe

Resource

win10v2004-20240426-en

bootkit discovery persistence

windows10-2004-x64

29 signatures

150 seconds

Malware Config

Targets

- Target
  
  MacDrive 11.1.0.26 Setup.exe
- Size
  
  10.6MB
- MD5
  
  12f146396ca3c7f65c479e9f8f80cef3
- SHA1
  
  74c0b84efacb9ffa0341fa9aea7cf1f232710413
- SHA256
  
  d54cd7a1079555d90a0c80d2a9510cba0357290b9e29b585080411040eef0e3f
- SHA512
  
  588247516b132876d3d52b2f9d59273da0e4b10598d89d0d4fdfc1e68cc9094149d2649f484db8ca9a250e3bd2f0b402851359b363284c8b7f089d9eb249e689
- SSDEEP
  
  196608:dle10tPVJ2oSle5QA5coSd7Tzg3535We0yc62CcTpx6d1S06XsvbarmLFpPn/w:dl00RGlAuAuX9XCcTpx6d1S0HjuypP/w
Score

8^/10

bootkit discovery persistence
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Pre-OS Boot

Bootkit

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

SIP and Trust Provider Hijacking

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

© 2018-2025

Terms | Privacy