General

  • Target: 59419e255e901c3cb40c19b2ce8d76f73b4e438f44a725feff1f0790262f5604

  • Size: 5.6MB

  • Sample: 240526-ms49lagc28

  • MD5: cc0cf2bbd5998616172f942049384bec

  • SHA1: c4521f57838635cb95fe2c9f2390103d6a78c1b9

  • SHA256: 59419e255e901c3cb40c19b2ce8d76f73b4e438f44a725feff1f0790262f5604

  • SHA512: c4dce7174d8f5aa794cb5d0b77b2dcb7a2ec51c48b82b3eb51e548f105255380484bd60d0461e784ae949fb0948b61777f78ae200301e55a97ca2c00b15d72e7

  • SSDEEP: 98304:EepZnsVti8+46SeIMFhbj1UBQxxVvDKJ65W2DX1v3TghyXvKAaLi:fZnQd+twMFhn1UGxxVv8+lX1v3EhgvKa

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks