Overview

overview

9

Static

static

3

8169672f78...03.exe

windows7-x64

9

8169672f78...03.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8169672f78da3db3ed6f2da6581d6730bf55197cb703fa96fb98408b02dc5403

  • Size

    3.3MB

  • Sample

    240524-cl189ahg23

  • MD5

    19e3cbfb7e26ddca6332bbcd62f5d78c

  • SHA1

    67eb601047ccb6ba96de875a2326fe55da2f1dc2

  • SHA256

    8169672f78da3db3ed6f2da6581d6730bf55197cb703fa96fb98408b02dc5403

  • SHA512

    e18d1f824a2e7ad783e79a2db1e398a4a48d37f60d1f82d73f6b65ed70c98c0cdd6e605423453d6d05512aa0e2afbf77680758409d18d3cb0382f646d62b8769

  • SSDEEP

    98304:3QOH5raT1GoHKqUifIwY/L4a3X62BcFOg/9MRhM6+baj:nHcBHKqUaS/LO2BM9MDMF

Score
9/10
bootkitevasionpersistencetrojan

Malware Config

Targets

    • Target

      8169672f78da3db3ed6f2da6581d6730bf55197cb703fa96fb98408b02dc5403

    • Size

      3.3MB

    • MD5

      19e3cbfb7e26ddca6332bbcd62f5d78c

    • SHA1

      67eb601047ccb6ba96de875a2326fe55da2f1dc2

    • SHA256

      8169672f78da3db3ed6f2da6581d6730bf55197cb703fa96fb98408b02dc5403

    • SHA512

      e18d1f824a2e7ad783e79a2db1e398a4a48d37f60d1f82d73f6b65ed70c98c0cdd6e605423453d6d05512aa0e2afbf77680758409d18d3cb0382f646d62b8769

    • SSDEEP

      98304:3QOH5raT1GoHKqUifIwY/L4a3X62BcFOg/9MRhM6+baj:nHcBHKqUaS/LO2BM9MDMF

    Score
    9/10
    bootkitevasionpersistencetrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks