General

  • Target

    instbeta.exe

  • Size

    3.9MB

  • Sample

    240526-pxy99aed82

  • MD5

    8ab0afae7cd5e71782005780e3213cc3

  • SHA1

    994d71d897fb14501fe94de2c8bd130474f8aeab

  • SHA256

    20020cf5423afd089b6c627ab73db019727ba97a0f1916413a7ded2a2142ef25

  • SHA512

    937f0ca24cbdd2918081a718ac843713e5cd56ed8e9260c3781c1c8e801cf83820e9d7d567c418e3d4bc19b46b201df9fe52c71861ce0d34400ebad68b834c02

  • SSDEEP

    98304:36xwG+U3X+4FL8VtL0hviDfHrafY0kJIKUjFB:SwxUe4yVBDfLa9bD

Score
7/10

Targets

    • Target

      instbeta.exe

    Score
    7/10
    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • T1542 Pre-OS Boot: 1

    • T1542.003 Bootkit: 1

Defense Evasion

  • T1542 Pre-OS Boot: 1

    • T1542.003 Bootkit: 1

Discovery

  • T1012 Query Registry: 1

  • T1120 Peripheral Device Discovery: 1

  • T1082 System Information Discovery: 2
