General

  • Target

    4a6ab4b5c4b58f02a728510de04547dcb6029b3a338d06318a13440a126d717b

  • Size

    4.8MB

  • Sample

    240525-wsm5rada4w

  • MD5

    5defe1b9d5a15cd1efeba9f7a264d38c

  • SHA1

    8337fc4e06f453cbecca491de97c3ea4543759a9

  • SHA256

    4a6ab4b5c4b58f02a728510de04547dcb6029b3a338d06318a13440a126d717b

  • SHA512

    31ca60d908594c550638142b676da239cfdda125ce9f3555115be1839be75527c47f5f4b945a3a02c6659c1662193a1eb7e29951c860fe9a98cf7881370554c6

  • SSDEEP

    98304:eIIYZENCg0lxVQjNMwmHs3coLdFAkYIVEOx5VWr5hSBGz8isqXd:eDCgmQjNM0coLjAaJrI+a8g

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks