75f17b7472b10d465ca8a978d2cea8522e5675b376ba8743b36437990bc078bb | Triage

Submit
Reports

Overview

overview

9

Static

static

3

2024-05-26...il.exe

windows7-x64

9

2024-05-26...il.exe

windows10-2004-x64

9

Sharing

General

Target

2024-05-26_1a5bd43c86e59b1849bdf8da1eb9f9b8_magniber_revil
Size

19.8MB
Sample

240526-f3nk9shc37
MD5

1a5bd43c86e59b1849bdf8da1eb9f9b8
SHA1

2d9240c02b9ef845338761cd0398bae5a9aa89d0
SHA256

75f17b7472b10d465ca8a978d2cea8522e5675b376ba8743b36437990bc078bb
SHA512

f5b1da9d8119d3c0a2fdaf1c7d0bd6b4165531eae3426126b587d5d530969511f29ef4d4ef7d91949b905d10544a61ffb06cc9759e0f76adc12b4f4902d7434f
SSDEEP

393216:e0O5hIi4IUZzF8FcRIZHpKZgzLxNweoxyWTQZRoThwcHrmu3N:UyZz9RSHEZgHPybH

Score

9^/10

bootkit persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-05-26_1a5bd43c86e59b1849bdf8da1eb9f9b8_magniber_revil.exe

Resource

win7-20240419-en

bootkit persistence upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-05-26_1a5bd43c86e59b1849bdf8da1eb9f9b8_magniber_revil.exe

Resource

win10v2004-20240508-en

bootkit persistence upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-05-26_1a5bd43c86e59b1849bdf8da1eb9f9b8_magniber_revil
- Size
  
  19.8MB
- MD5
  
  1a5bd43c86e59b1849bdf8da1eb9f9b8
- SHA1
  
  2d9240c02b9ef845338761cd0398bae5a9aa89d0
- SHA256
  
  75f17b7472b10d465ca8a978d2cea8522e5675b376ba8743b36437990bc078bb
- SHA512
  
  f5b1da9d8119d3c0a2fdaf1c7d0bd6b4165531eae3426126b587d5d530969511f29ef4d4ef7d91949b905d10544a61ffb06cc9759e0f76adc12b4f4902d7434f
- SSDEEP
  
  393216:e0O5hIi4IUZzF8FcRIZHpKZgzLxNweoxyWTQZRoThwcHrmu3N:UyZz9RSHEZgHPybH
Score

9^/10

bootkit persistence upx
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitpersistenceupx

behavioral2

bootkitpersistenceupx

© 2018-2024

Terms | Privacy