Overview

overview

8

Static

static

3

EternalBlue.exe

windows7-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    EternalBlue.exe

  • Size

    206KB

  • Sample

    240609-mv42lsac73

  • MD5

    60a4b5f51d1d60f315449a294ac1ffff

  • SHA1

    4a0f3b076fea64221f137d74a112322da64c3223

  • SHA256

    dd3758da10a97e59287c0963462a8130b6a09b4de01755dc718eb994a73bd540

  • SHA512

    c0504bab53b542f6ba2d7c027273167d84eb137615a9e382241fef4e837d36b50814e746415dce4b1feefe0f75ea5979deac7e4115d5fcef2397c49957a33534

  • SSDEEP

    6144:zorIVENUnBbXDAnDmnsAjmJQ+y/L9S2z1TA+qSa/:oW1XDAnDmnsAjmJQ+yTvz9q

Score
8/10
bootkitevasionpersistence

Malware Config

Targets

    • Target

      EternalBlue.exe

    • Size

      206KB

    • MD5

      60a4b5f51d1d60f315449a294ac1ffff

    • SHA1

      4a0f3b076fea64221f137d74a112322da64c3223

    • SHA256

      dd3758da10a97e59287c0963462a8130b6a09b4de01755dc718eb994a73bd540

    • SHA512

      c0504bab53b542f6ba2d7c027273167d84eb137615a9e382241fef4e837d36b50814e746415dce4b1feefe0f75ea5979deac7e4115d5fcef2397c49957a33534

    • SSDEEP

      6144:zorIVENUnBbXDAnDmnsAjmJQ+y/L9S2z1TA+qSa/:oW1XDAnDmnsAjmJQ+yTvz9q

    Score
    8/10
    bootkitevasionpersistence

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks