Overview

overview

7

Static

static

3

c66e725556...58.exe

windows7-x64

7

c66e725556...58.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c66e725556cfc9f8d6a3fad93ad77e918dc9844aa410e6c8687702d7adf1ed58

  • Size

    6.0MB

  • Sample

    240526-rm37kaaa36

  • MD5

    17c0e13ed0bf5526290494824aa7a0d5

  • SHA1

    f217de8b54a2d6ebd079fa86f7e4a2a6709760e6

  • SHA256

    c66e725556cfc9f8d6a3fad93ad77e918dc9844aa410e6c8687702d7adf1ed58

  • SHA512

    cf8127f9710055ef2932d48226047df63189bfcb3908619a706398c83f949b7d352235cc862d495e426980fe4d8bf34bdba5586e501cca5dc154a46f80c96e10

  • SSDEEP

    98304:fbdhDqohDS1F+CRcB27OgUWZHw8VQjr+/bJBAUZLH:fbdhDD23a2sWKjr+TJVr

Score
7/10
bootkitpersistenceupx

Malware Config

Targets

    • Target

      c66e725556cfc9f8d6a3fad93ad77e918dc9844aa410e6c8687702d7adf1ed58

    • Size

      6.0MB

    • MD5

      17c0e13ed0bf5526290494824aa7a0d5

    • SHA1

      f217de8b54a2d6ebd079fa86f7e4a2a6709760e6

    • SHA256

      c66e725556cfc9f8d6a3fad93ad77e918dc9844aa410e6c8687702d7adf1ed58

    • SHA512

      cf8127f9710055ef2932d48226047df63189bfcb3908619a706398c83f949b7d352235cc862d495e426980fe4d8bf34bdba5586e501cca5dc154a46f80c96e10

    • SSDEEP

      98304:fbdhDqohDS1F+CRcB27OgUWZHw8VQjr+/bJBAUZLH:fbdhDD23a2sWKjr+TJVr

    Score
    7/10
    bootkitpersistenceupx

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks