659d063fd2cd5dea7b82cb6e26bf91a7d8497a5b4ff618674bcce7e7f0f3f126 | Triage

Submit
Reports

Overview

overview

7

Static

static

7

659d063fd2...26.exe

windows7-x64

7

659d063fd2...26.exe

windows10-2004-x64

7

Sharing

General

Target

659d063fd2cd5dea7b82cb6e26bf91a7d8497a5b4ff618674bcce7e7f0f3f126
Size

1.5MB
Sample

240526-st5veaba7z
MD5

55f08159479191791ae96c3aebeaad1b
SHA1

000cd76ca355c2d6ed576bc50a71126faca53fdb
SHA256

659d063fd2cd5dea7b82cb6e26bf91a7d8497a5b4ff618674bcce7e7f0f3f126
SHA512

0ee83c55e9c4201c36b95905852e87c4e89c1e1aafd467d08fb735518a64226e7daf85cac8ac630a35a3213b64a78544af3d25d217a99fbf564d830237e20927
SSDEEP

49152:UOvU++JRV15nFM92h3tjJFaW8JHIVBikX:UQU+iRV15nFa2/XaW0HKMY

Score

7^/10

bootkit persistence vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

659d063fd2cd5dea7b82cb6e26bf91a7d8497a5b4ff618674bcce7e7f0f3f126.exe

Resource

win7-20240221-en

bootkit persistence vmprotect

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

659d063fd2cd5dea7b82cb6e26bf91a7d8497a5b4ff618674bcce7e7f0f3f126.exe

Resource

win10v2004-20240426-en

bootkit persistence vmprotect

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  659d063fd2cd5dea7b82cb6e26bf91a7d8497a5b4ff618674bcce7e7f0f3f126
- Size
  
  1.5MB
- MD5
  
  55f08159479191791ae96c3aebeaad1b
- SHA1
  
  000cd76ca355c2d6ed576bc50a71126faca53fdb
- SHA256
  
  659d063fd2cd5dea7b82cb6e26bf91a7d8497a5b4ff618674bcce7e7f0f3f126
- SHA512
  
  0ee83c55e9c4201c36b95905852e87c4e89c1e1aafd467d08fb735518a64226e7daf85cac8ac630a35a3213b64a78544af3d25d217a99fbf564d830237e20927
- SSDEEP
  
  49152:UOvU++JRV15nFM92h3tjJFaW8JHIVBikX:UQU+iRV15nFa2/XaW0HKMY
Score

7^/10

bootkit persistence vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistencevmprotect

behavioral2

bootkitpersistencevmprotect

© 2018-2024

Terms | Privacy