General

  • Target

    4b262578a96de8cc127711056ae5b214493586e128bb2368007f2f416d0de452

  • Size

    15.7MB

  • Sample

    240525-w2dmnsdd6s

  • MD5

    c7c604664d5b11906b87c0fc59acc434

  • SHA1

    394b3d8cb03da0495d4a10c5b48217aae89ed6f2

  • SHA256

    4b262578a96de8cc127711056ae5b214493586e128bb2368007f2f416d0de452

  • SHA512

    3cce5bac053cc2215a79376ddd83fa8ee08c54602461376f14a7ebb60d27e285bcab0622c5a26d885f9b900c4603eb7c859c169646297583f8a9a4d5dc8ac41f

  • SSDEEP

    393216:TpQDbvtSyNQadsI9Tq6yI1MAaJJGfNE4iuvYi1S:TUjtSyCaKWqhdQlEOd1S

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies boot configuration data using bcdedit

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Pre-OS Boot (T1542): 1
    Bootkit (T1542.003): 1

  • Defense Evasion

    Pre-OS Boot (T1542): 1
    Bootkit (T1542.003): 1

  • Discovery

    Query Registry (T1012): 1
    Peripheral Device Discovery (T1120): 1
    System Information Discovery (T1082): 1

Tasks