General

  • Target

    5138efa2c04e078f04899b61caa4dc023063c63e1f1f11d5cbe7d4c50dffb4a2

  • Size

    11.3MB

  • Sample

    240526-shsqpsbd65

  • MD5

    6b3d7ce072e58f48035ef68a86db06bd

  • SHA1

    540c575b889ddc1476f2d5c0ac16d6daf13dae82

  • SHA256

    5138efa2c04e078f04899b61caa4dc023063c63e1f1f11d5cbe7d4c50dffb4a2

  • SHA512

    033fef324ad7b1f01438a9614f07c6683f5fc744ea21792e1a7027181b0a2e815651c8099f65c8d5cb9cdadc32ad82575d20d00631a5fd1ee07902189b9203ed

  • SSDEEP

    196608:FzsASlxZ/+8oYnMB9nJ5G4GZpMo2DWRqRnagy2+a64blJH8KEdZ9/qCQ90htMJYo:FzHwZ2rBBzG4sprkWgBjXb3H6Z9690Tx

Malware Config

Targets

    • Target

      5138efa2c04e078f04899b61caa4dc023063c63e1f1f11d5cbe7d4c50dffb4a2

    • Size

      11.3MB

    • MD5

      6b3d7ce072e58f48035ef68a86db06bd

    • SHA1

      540c575b889ddc1476f2d5c0ac16d6daf13dae82

    • SHA256

      5138efa2c04e078f04899b61caa4dc023063c63e1f1f11d5cbe7d4c50dffb4a2

    • SHA512

      033fef324ad7b1f01438a9614f07c6683f5fc744ea21792e1a7027181b0a2e815651c8099f65c8d5cb9cdadc32ad82575d20d00631a5fd1ee07902189b9203ed

    • SSDEEP

      196608:FzsASlxZ/+8oYnMB9nJ5G4GZpMo2DWRqRnagy2+a64blJH8KEdZ9/qCQ90htMJYo:FzHwZ2rBBzG4sprkWgBjXb3H6Z9690Tx

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThread with ThreadHideFromDebugger

      Setting ThreadHideFromDebugger on a thread stops debug events from that thread being delivered to an attached debugger, a common anti-debugging step.
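
The three registry-based signatures above (VirtualBox ACPI tables, BIOS strings, UAC state) can be reproduced as read-only registry reads, which lets an analyst see what a sandbox-aware sample sees on a given VM before detonating it there. The script below is an added example, not code from the analysed sample or from the sandbox; `evaluate()` applies the checks to a dictionary so it runs offline on a constructed snapshot of a default VirtualBox guest, and `collect()` reads the live values with `winreg` when run on Windows. The marker strings (`vbox`, `virtualbox`, `innotek`) and the set of BIOS value names are assumptions about typical VirtualBox guests; value names that are absent on a given Windows build are skipped.

```python
"""Reproduce the VirtualBox ACPI, BIOS and UAC registry checks as read-only reads.
Added example; not the analysed sample's code."""
import sys

# HKLM locations the signatures refer to.
ACPI_TABLE_KEYS = [r"HARDWARE\ACPI\DSDT", r"HARDWARE\ACPI\FADT", r"HARDWARE\ACPI\RSDT"]
BIOS_KEY = r"HARDWARE\DESCRIPTION\System\BIOS"
BIOS_VALUES = ["SystemManufacturer", "SystemProductName", "BIOSVendor", "BIOSVersion"]
UAC_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# Case-insensitive substrings that identify VirtualBox (assumption: default guests).
VBOX_MARKERS = ("vbox", "virtualbox", "innotek")


def _matches(value):
    """True if a string (or REG_MULTI_SZ list of strings) contains a marker."""
    items = value if isinstance(value, (list, tuple)) else [value]
    return any(isinstance(s, str) and m in s.lower() for s in items for m in VBOX_MARKERS)


def evaluate(snapshot):
    """Apply the checks to a registry snapshot:
    {"acpi": {key_path: [subkey names]}, "bios": {value_name: value}, "enable_lua": int|None}"""
    acpi_hits = [f"{key}\\{name}" for key, subkeys in snapshot.get("acpi", {}).items()
                 for name in subkeys if _matches(name)]
    bios_hits = {name: value for name, value in snapshot.get("bios", {}).items() if _matches(value)}
    lua = snapshot.get("enable_lua")
    return {
        "virtualbox_acpi": acpi_hits,          # e.g. HARDWARE\ACPI\DSDT\VBOX__
        "virtualbox_bios": bios_hits,          # e.g. SystemProductName = VirtualBox
        "uac_enabled": None if lua is None else bool(lua),
        "looks_like_virtualbox": bool(acpi_hits or bios_hits),
    }


def collect():
    """Read the live values on Windows (winreg is Windows-only). Read access only."""
    import winreg
    snap = {"acpi": {}, "bios": {}, "enable_lua": None}
    for key in ACPI_TABLE_KEYS:
        names = []
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as k:
                i = 0
                while True:
                    try:
                        names.append(winreg.EnumKey(k, i))
                        i += 1
                    except OSError:        # no more subkeys
                        break
        except OSError:                    # key absent (not a VBox guest, or different ACPI layout)
            pass
        snap["acpi"][key] = names
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, BIOS_KEY) as k:
            for v in BIOS_VALUES:
                try:
                    snap["bios"][v] = winreg.QueryValueEx(k, v)[0]
                except OSError:            # value not present on this build
                    pass
    except OSError:
        pass
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, UAC_KEY) as k:
            snap["enable_lua"] = int(winreg.QueryValueEx(k, "EnableLUA")[0])
    except OSError:
        pass
    return snap


# Constructed snapshot of a default VirtualBox guest (not captured from the sandbox run).
SAMPLE_VBOX = {
    "acpi": {r"HARDWARE\ACPI\DSDT": ["VBOX__"],
             r"HARDWARE\ACPI\FADT": ["VBOX__"],
             r"HARDWARE\ACPI\RSDT": ["VBOX__"]},
    "bios": {"SystemManufacturer": "innotek GmbH",
             "SystemProductName": "VirtualBox",
             "BIOSVendor": "innotek GmbH"},
    "enable_lua": 1,
}

if __name__ == "__main__":
    snap = collect() if sys.platform == "win32" else SAMPLE_VBOX
    for k, v in evaluate(snap).items():
        print(f"{k}: {v}")
```

Run it inside the analysis VM: if `looks_like_virtualbox` is true, expect this sample to take its evasion branch, so either patch the values (for example the `VBOX__` ACPI subkeys and the BIOS strings) or detonate on hardware or a different hypervisor.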

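For the "writes to the Master Boot Record" signature, the check a responder wants is whether the bootstrap code in sector 0 still matches a known-good baseline, since a bootkit replaces that code while usually leaving the partition table intact. The parser below is an added example, not the sample's code or the sandbox's detection logic; it splits the 512-byte MBR into boot code, disk signature and partition entries, hashes the boot code and compares it with a baseline hash. The two MBRs it runs on are constructed inline (the "patched" one simply has different bootstrap bytes); `read_first_sector()` shows how to obtain the live sector from a raw device, which requires administrator/root rights and is read-only.

```python
"""Parse an MBR and flag bootstrap code that differs from a known-good baseline.
Added example; not the analysed sample's code."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440            # bytes 0..439: bootstrap code
DISK_SIG_OFF = 440             # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446           # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def parse_mbr(sector):
    """Return boot-code hash, disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (3 bytes skipped), type, CHS end (3 bytes skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": parts,
    }


def check_mbr(sector, baseline_sha256):
    """Parse the sector and add whether its boot code deviates from the baseline."""
    info = parse_mbr(sector)
    info["boot_code_modified"] = info["boot_code_sha256"] != baseline_sha256
    return info


def read_first_sector(device):
    r"""Read sector 0 from a raw device, e.g. r"\\.\PhysicalDrive0" on Windows
    (run as Administrator) or "/dev/sda" on Linux (run as root). Read-only."""
    with open(device, "rb") as f:
        return f.read(SECTOR)


def build_mbr(boot_code, disk_sig=0x12345678):
    """Construct a sample MBR for offline use (not taken from the analysed machine):
    one bootable NTFS-type partition starting at LBA 2048."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * 48
    return code + struct.pack("<I", disk_sig) + b"\x00\x00" + table + BOOT_SIGNATURE


# Constructed "known-good" MBR: a short stub standing in for the stock bootstrap code.
CLEAN_MBR = build_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8")
# Constructed "patched" MBR: same partition table, bootstrap replaced by a far jump elsewhere.
PATCHED_MBR = build_mbr(b"\xea\x00\x7c\x00\x00\x90\x90")
BASELINE_SHA256 = parse_mbr(CLEAN_MBR)["boot_code_sha256"]

if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("patched", PATCHED_MBR)):
        r = check_mbr(mbr, BASELINE_SHA256)
        print(f"{label}: modified={r['boot_code_modified']} partitions={r['partitions']}")
```

Take the baseline hash from a sector image captured before detonation (or from a clean golden image of the same build); on the post-detonation disk a changed hash with an unchanged partition table is the pattern this signature is describing.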
MITRE ATT&CK Enterprise v15

Tasks