General

  • Target

    31437e0cb96b71cf8d55ceb97e282792ff706af81a8a4da55f2d480d493563a1

  • Size

    9.6MB

  • Sample

    240625-sk7yeaxcja

  • MD5

    25b8753457f32078085edb855c22359a

  • SHA1

    e974c807276137d3effc792b7c386b7f1b66e373

  • SHA256

    31437e0cb96b71cf8d55ceb97e282792ff706af81a8a4da55f2d480d493563a1

  • SHA512

    baf48ca862b2ce0d47e4a96e2c26a07a18f5f7f2f087dc921f2131d4318acd5f136178b29863ff3d347b51b1d17ba58b823caa44973370a3611e2be01933b901

  • SSDEEP

    196608:glJuwEyMPYLflsA0ogk0cw/XFs3mD40nfUk/zvwuvoTbQpuwZoEOiH0/EgsT:glJUy0YLNYU0cf280nck/Dvv8E+EOiHB

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks