b23cb07410639298a3fbdd3d04872c97732c1949968903feabc9d6f8d6439af2 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

b23cb07410...f2.exe

windows7-x64

7

b23cb07410...f2.exe

windows10-2004-x64

7

Sharing

General

Target

b23cb07410639298a3fbdd3d04872c97732c1949968903feabc9d6f8d6439af2
Size

14.0MB
Sample

240526-eftnbsef92
MD5

07c12f253c2eb528a7ce50a45459b56d
SHA1

f26bd6e51fe41a1dbf5e25a0b5e7131f2cc2fe64
SHA256

b23cb07410639298a3fbdd3d04872c97732c1949968903feabc9d6f8d6439af2
SHA512

e9fd384857a4b5b85415087479d76e1681104440de2f5ab0b381e1e2f9487e455fbe511c657abf6ab9e8d1c29916ebe80531b1df6fea62ee619040778ba8a9f0
SSDEEP

196608:bOLauYdxpOWdSOE2phiZ0/wONHLDrd6TYPQo8V+8Cs6cpqVVymDdh+yESGIqDMaL:CLBYdS6SUhQcwALDMXnIVnECatIZW

Score

7^/10

bootkit persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b23cb07410639298a3fbdd3d04872c97732c1949968903feabc9d6f8d6439af2.exe

Resource

win7-20240215-en

bootkit persistence upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

b23cb07410639298a3fbdd3d04872c97732c1949968903feabc9d6f8d6439af2.exe

Resource

win10v2004-20240508-en

bootkit persistence upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  b23cb07410639298a3fbdd3d04872c97732c1949968903feabc9d6f8d6439af2
- Size
  
  14.0MB
- MD5
  
  07c12f253c2eb528a7ce50a45459b56d
- SHA1
  
  f26bd6e51fe41a1dbf5e25a0b5e7131f2cc2fe64
- SHA256
  
  b23cb07410639298a3fbdd3d04872c97732c1949968903feabc9d6f8d6439af2
- SHA512
  
  e9fd384857a4b5b85415087479d76e1681104440de2f5ab0b381e1e2f9487e455fbe511c657abf6ab9e8d1c29916ebe80531b1df6fea62ee619040778ba8a9f0
- SSDEEP
  
  196608:bOLauYdxpOWdSOE2phiZ0/wONHLDrd6TYPQo8V+8Cs6cpqVVymDdh+yESGIqDMaL:CLBYdS6SUhQcwALDMXnIVnECatIZW
Score

7^/10

bootkit persistence upx
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies boot configuration data using bcdedit
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitpersistenceupx

behavioral2

bootkitpersistenceupx

© 2018-2024

Terms | Privacy