Overview

overview

9

Static

static

3

f5358c3864...e7.exe

windows7-x64

9

f5358c3864...e7.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f5358c38641466c06cdd819a8f69eb93d208c3a9f222221cc7c6e0cf0ebbdfe7

  • Size

    3.3MB

  • Sample

    240526-jq1xlsbf9s

  • MD5

    51e442e27e653595685490dc7c7855a5

  • SHA1

    35106601e646459da88b75c2b8058ebbf745f957

  • SHA256

    f5358c38641466c06cdd819a8f69eb93d208c3a9f222221cc7c6e0cf0ebbdfe7

  • SHA512

    95742561022003be9bfbdaa1e9c15d77d2b75273f9965174d819490d362c54eea358e99c5b94e09f5c41c1399caa893afea2f2e90ce9d6209611248f54cfc27d

  • SSDEEP

    98304:NQOH5raw1GoHKqUifIwY/L4a3X62BcFOg/9MRhM6+baj:NH3BHKqUaS/LO2BM9MDMF

Score
9/10
bootkitevasionpersistencetrojan

Malware Config

Targets

    • Target

      f5358c38641466c06cdd819a8f69eb93d208c3a9f222221cc7c6e0cf0ebbdfe7

    • Size

      3.3MB

    • MD5

      51e442e27e653595685490dc7c7855a5

    • SHA1

      35106601e646459da88b75c2b8058ebbf745f957

    • SHA256

      f5358c38641466c06cdd819a8f69eb93d208c3a9f222221cc7c6e0cf0ebbdfe7

    • SHA512

      95742561022003be9bfbdaa1e9c15d77d2b75273f9965174d819490d362c54eea358e99c5b94e09f5c41c1399caa893afea2f2e90ce9d6209611248f54cfc27d

    • SSDEEP

      98304:NQOH5raw1GoHKqUifIwY/L4a3X62BcFOg/9MRhM6+baj:NH3BHKqUaS/LO2BM9MDMF

    Score
    9/10
    bootkitevasionpersistencetrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks