Overview

overview

7

Static

static

3

aaa2c54f81...cc.exe

windows7-x64

7

aaa2c54f81...cc.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aaa2c54f8119f9a24706ebacf1e95fa4d9c9aa969b88235415bba1ff16bc15cc

  • Size

    6.9MB

  • Sample

    240525-yap8haff3w

  • MD5

    fc3fdd248bbcbe7b8a8729ae95817e13

  • SHA1

    ce9bb8d76b572c7d782735027177ed608ce3be76

  • SHA256

    aaa2c54f8119f9a24706ebacf1e95fa4d9c9aa969b88235415bba1ff16bc15cc

  • SHA512

    c639d19327b2bc11d16c8b57b4eb3a9b47d6fd5e99d36aad2b5feb5080fe76abcbae064a9150024ff19dfb1169f59be6b650524cec8219759a3cf6aa74f19dff

  • SSDEEP

    49152:bxJhuIXD4WLRib3WznrOqlcqrOb2TbZi3Z1XoBxsIkIT6geaxQKKgrH5pPV80X0e:wg48cb3WzrOqGqrOSg3r8VOVY

Score
7/10
bootkitpersistenceransomwareupx

Malware Config

Targets

    • Target

      aaa2c54f8119f9a24706ebacf1e95fa4d9c9aa969b88235415bba1ff16bc15cc

    • Size

      6.9MB

    • MD5

      fc3fdd248bbcbe7b8a8729ae95817e13

    • SHA1

      ce9bb8d76b572c7d782735027177ed608ce3be76

    • SHA256

      aaa2c54f8119f9a24706ebacf1e95fa4d9c9aa969b88235415bba1ff16bc15cc

    • SHA512

      c639d19327b2bc11d16c8b57b4eb3a9b47d6fd5e99d36aad2b5feb5080fe76abcbae064a9150024ff19dfb1169f59be6b650524cec8219759a3cf6aa74f19dff

    • SSDEEP

      49152:bxJhuIXD4WLRib3WznrOqlcqrOb2TbZi3Z1XoBxsIkIT6geaxQKKgrH5pPV80X0e:wg48cb3WzrOqGqrOSg3r8VOVY

    Score
    7/10
    bootkitpersistenceransomwareupx

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks