b66ad8c6713cd0567d54971bf0d153ff93765cd5575bea46f24e3e886232d624 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

VMProtectSDK64.zip
Size

796KB
Sample

240710-nalj7swfnh
MD5

52b646bf9f4c58cc71c7b2f7554fefdd
SHA1

b58dd754337c4111f6b5cc5db16bca2c891054cf
SHA256

b66ad8c6713cd0567d54971bf0d153ff93765cd5575bea46f24e3e886232d624
SHA512

db683d0bab9f20a4f49188e37b641829cf4acbb68bb7bc1aadda33f255fd4c28c4bc0a9d411dcdfef7dd509d4f8a3f7035cd9e009f89fb5adc2ad1a46b26feff
SSDEEP

24576:qxaCZKTuDca0HynP/wppe5xqUd883RS+B39ET9ex:Fj+0xfU7RSeNEUx

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  Loader.exe
- Size
  
  1.4MB
- MD5
  
  4aebbd9f295d6ae974fefab2125f28ba
- SHA1
  
  8006db8ccbbbdaabc400c38d2351e2354f50367f
- SHA256
  
  70fc70e027e945842e40737bd6ec618340e8e802909d51ee6191bab6e72d226e
- SHA512
  
  346aeb567067d655cb9d42b1c516df1565ccfe000c792c6fad2801805233eb2b0bfea6d9e2099569ec4a891c74ef1ee0beb312c98141f3266c33c12c0fb95ff8
- SSDEEP
  
  24576:ULNnStbRUOjgbIf3ZAXHeXYBuDp4dhFgeuGKFzFTSpkPfnPptP+Y:ULt0R5oIiXeoaydmFTFfnxn
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  VMProtectSDK64.dll
- Size
  
  116KB
- MD5
  
  724d8234d574846b6ee2262a2977650d
- SHA1
  
  b3fb659ddb3306e23342a0232b9b85e924ae36d5
- SHA256
  
  af82c309ace1ce81c23aa190c65f4eaa4e2e668e227175e66b0637b56f546796
- SHA512
  
  3ea5ed4fb38986098d19221e5dbf4f48a0ccf5c912235bfdc160bb949721c298e904bbaa1070beb67cb9cfdabb0163a7a51e593f37e2bc03c69b7200c3967e83
- SSDEEP
  
  3072:xmcqYHq7Aiytzg2ScpvgJcG5sqYX6UmHRlBS:80Hq7AiyegZgJZSX+xH
Score

1^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2