c7c44cc009c57af8393d11f4ac9380811f10994630b7c8e0ee94f5b6a53bfff5 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

c7c44cc009...f5.exe

windows7-x64

9

c7c44cc009...f5.exe

windows10-2004-x64

9

Sharing

General

Target

c7c44cc009c57af8393d11f4ac9380811f10994630b7c8e0ee94f5b6a53bfff5
Size

3.9MB
Sample

240525-wyltwadg23
MD5

e6dc4acab0e39d6e9dea1d8bdbdd110e
SHA1

7428dcde4998fec6f43593c776394177a82802dd
SHA256

c7c44cc009c57af8393d11f4ac9380811f10994630b7c8e0ee94f5b6a53bfff5
SHA512

2beb1c4335277e1e6d0e5e7dd33954a7f9d6dc774f65959a6befbef46be39bd73bcf220152e4e0034a82e2f543a78b1c4db09b81f479b138b9d51a915ac53051
SSDEEP

98304:vz0FX0WKC+oZNkVxCDyEZif2nZ8cHtxPuLv:vz0RzKC+4kf8yRf2nDW

Score

9^/10

bootkit evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c7c44cc009c57af8393d11f4ac9380811f10994630b7c8e0ee94f5b6a53bfff5.exe

Resource

win7-20240508-en

bootkit evasion persistence trojan upx

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

c7c44cc009c57af8393d11f4ac9380811f10994630b7c8e0ee94f5b6a53bfff5.exe

Resource

win10v2004-20240508-en

bootkit evasion persistence trojan upx

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  c7c44cc009c57af8393d11f4ac9380811f10994630b7c8e0ee94f5b6a53bfff5
- Size
  
  3.9MB
- MD5
  
  e6dc4acab0e39d6e9dea1d8bdbdd110e
- SHA1
  
  7428dcde4998fec6f43593c776394177a82802dd
- SHA256
  
  c7c44cc009c57af8393d11f4ac9380811f10994630b7c8e0ee94f5b6a53bfff5
- SHA512
  
  2beb1c4335277e1e6d0e5e7dd33954a7f9d6dc774f65959a6befbef46be39bd73bcf220152e4e0034a82e2f543a78b1c4db09b81f479b138b9d51a915ac53051
- SSDEEP
  
  98304:vz0FX0WKC+oZNkVxCDyEZif2nZ8cHtxPuLv:vz0RzKC+4kf8yRf2nDW
Score

9^/10

bootkit evasion persistence trojan upx
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistencetrojanupx

behavioral2

bootkitevasionpersistencetrojanupx

© 2018-2024

Terms | Privacy