General
-
Target
Yonder_Fivem.exe
-
Size
6.3MB
-
Sample
240620-w9h75asajd
-
MD5
b1c825266b3ba65293047125b6187839
-
SHA1
2717197678e400a693ca7c3a4eedf1fe7001382b
-
SHA256
f6602a9eba868412294f032e365016623518da2a24c949e9659256c46d156bd1
-
SHA512
24830021254f1206775201f98fb0323dec02f947374a367c8d2f0c9c328b55fe492a36b0d2217ca41f1cdeb24152290501cef7b01dfb20e717db10f92952760e
-
SSDEEP
98304:gjWxDXRGFyZftzByQ6/Sw87AB3bq6p9OJmtgiBnuNfXWNasKo+oX2hsfBoj:gjWxFG2JByQ6/g01q6PiNiB6y97X2/j
Malware Config
Targets
-
-
Target
Yonder_Fivem.exe
-
Size
6.3MB
-
MD5
b1c825266b3ba65293047125b6187839
-
SHA1
2717197678e400a693ca7c3a4eedf1fe7001382b
-
SHA256
f6602a9eba868412294f032e365016623518da2a24c949e9659256c46d156bd1
-
SHA512
24830021254f1206775201f98fb0323dec02f947374a367c8d2f0c9c328b55fe492a36b0d2217ca41f1cdeb24152290501cef7b01dfb20e717db10f92952760e
-
SSDEEP
98304:gjWxDXRGFyZftzByQ6/Sw87AB3bq6p9OJmtgiBnuNfXWNasKo+oX2hsfBoj:gjWxFG2JByQ6/g01q6PiNiB6y97X2/j
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Loads dropped DLL
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2Pre-OS Boot
1Bootkit
1