9759e30542de3ae589b6e74d29d2ae945be0bd3e6b1cfee7b6a1350fabb4c91c | Triage

Sharing

General

Target

Loader.zip
Size

796KB
Sample

240709-yse59asglk
MD5

bd6d38032cd16f21769d56024359c5e6
SHA1

6121c38256a4164fa7bbc856cac3df29095718a1
SHA256

9759e30542de3ae589b6e74d29d2ae945be0bd3e6b1cfee7b6a1350fabb4c91c
SHA512

7b1a7136ec38dfdf1e279bf354646a424b10781c0ef8290d6b29a7a167fc8b31383496a72125d4f5a6481c71e9ac0977aca1acda1deeb15b892ccc864902a72a
SSDEEP

24576:eUkn544/vWD2mkCHuKXc5eTrVyk1P/psoB:eUGy4LCHPFF1PhsoB

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  Loader.exe
- Size
  
  1.4MB
- MD5
  
  cbd163656755fa3c450c96fef719c461
- SHA1
  
  e946b664143f597cfa5fce2a9a30d91ec7bc35a2
- SHA256
  
  d99a835ea5c9c9da1477fdefe93ede5eb074369be3acfa5bad5b5319ba3b560e
- SHA512
  
  04394af64b32a48b66c9309dedb0ac2397253f6f25210524dec1e2d2d5ce6b156dce8873498b44a894e53e63d0f3798f1b1d78b7cac1161bcbfdd36774baa26e
- SSDEEP
  
  24576:JjcKXOa4IreVWHtlfG3tNTAiuSVXcgeuGKFzFTSpkPfnPPM7U1Q:JjPN44PxG3tN8ENjFTFfnni
Score

7^/10

bootkit persistence
- Modifies system executable filetype association
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  VMProtectSDK64.dll
- Size
  
  116KB
- MD5
  
  724d8234d574846b6ee2262a2977650d
- SHA1
  
  b3fb659ddb3306e23342a0232b9b85e924ae36d5
- SHA256
  
  af82c309ace1ce81c23aa190c65f4eaa4e2e668e227175e66b0637b56f546796
- SHA512
  
  3ea5ed4fb38986098d19221e5dbf4f48a0ccf5c912235bfdc160bb949721c298e904bbaa1070beb67cb9cfdabb0163a7a51e593f37e2bc03c69b7200c3967e83
- SSDEEP
  
  3072:xmcqYHq7Aiytzg2ScpvgJcG5sqYX6UmHRlBS:80Hq7AiyegZgJZSX+xH
Score

1^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Pre-OS Boot

Bootkit

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2