378e81caad22678bb13d3be2bb311feca5cd684c84ab2554c40fac80fc4e29a0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

test.zip
Size

7.2MB
Sample

240715-3f9asavbjq
MD5

9aa543f21ff76599c8fde89ff1c609bb
SHA1

b6b9ac51d440c643590328e0b08e05dc76464df7
SHA256

378e81caad22678bb13d3be2bb311feca5cd684c84ab2554c40fac80fc4e29a0
SHA512

075e90e4bc8c5518519a13e93d614acdf5b950fce9cd7fcebc86f8985521b9222f5376e119d4c8cb0b09efdfebb42b26f03af85f2554331ee5f796906c539677
SSDEEP

196608:+eSwOWlLCPU0id3hsJuXbU023mkkvh5PH41UC:BnqULnscXbUnkv7uZ

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  test/XLLiveUpdateAgent.dll
- Size
  
  935KB
- MD5
  
  95510f67cf120d180362fd2d3ec23d9c
- SHA1
  
  4787cfb2398fd3285be85e52be633f454bb48ff6
- SHA256
  
  9f64fdbf96b10a185c51bf9e7d6199e44a5ef3255de40a0a447cf556ac7675f0
- SHA512
  
  4caf48792686a89e8397813a6b0246b274986e7fdf245d0b1aa3e36b7e9de0be7b618cd483871f76769a569a7b896f5b9f461f62f4d26cedbf257cc74c69f562
- SSDEEP
  
  24576:aLEFWsglub8JxXy1fr6JMJ8Vedt0q1ZzY/RtuJnXnNRG+PN:6Xsu48JxXy1fr6JMJ8VetL0uRXNRG+P
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  test/XmpLiveUD.exe
- Size
  
  4.8MB
- MD5
  
  5fccddc84705ef583e1e105a706a4cea
- SHA1
  
  fd62980ab42f9062cb2cae7fb432169a660a9391
- SHA256
  
  b09997d6da86ae913039327a1ca291a405d741722be660046db75e9b76b3176c
- SHA512
  
  b9a690bf3c01e4e111c1139fac883265d8b97c96d9d6ae2bb4e9c303a622ab2c67b6acd058534f7afb14d9d2f0aa48eefea83d73ebaa7b972ff3c75c0723c4ac
- SSDEEP
  
  98304:Bny3nq8O4Se6EjHruSYHFaGpx1qOj9YFNXVsO2WIVtrJVhwvHeK+:Bny3nq8O4Se60aD1qKYtsO2DbJVhm1+
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral3 behavioral4
- Target
  
  test/libcurl.dll
- Size
  
  706KB
- MD5
  
  4b5dfd7e9ac50a741b5ac6102b30cbf5
- SHA1
  
  c3ae8f11f12b2160055a28ee8cd0f14d215864dc
- SHA256
  
  8fbb6e1c42d6ea9fb1f5651d0cad370cbd36fda89035568c460193b1ae316cdc
- SHA512
  
  9099874416956b53bb7a8d63a215f0e40ae806d21bdad6fcdba002f35c5b3d8827c7d5e5c9500a356a7bdf7a3d402c3d8851dd0df69a72fed752277f32b210cc
- SSDEEP
  
  12288:Fqqa/+1vVBPwcuhY1N99FvRq9w9+qMA+1Jh7RrvBwXT0cqfswMSm:Mt/+B/Pwc2I99Fg9wozRryXgZb
Score

3^/10
behavioral5 behavioral6
- Target
  
  test/libeay32.dll
- Size
  
  1.4MB
- MD5
  
  ff5c63efbba91a0eec9fc645da655b4c
- SHA1
  
  d225ceff3601b57add69df7d854b2348a8980255
- SHA256
  
  e1fbb97ff3607d569d584f78ce77a9dd2cf64dca05aebdbf3e55c9711e07b3be
- SHA512
  
  96b963823d7a28e4d4ecd703aa26ad3d3e1d4086e09a4cc08ca88c30c9b8ceb42b7daf184e33b9175f87a566e78028cca3e6ab90ed6537598677f27b15eefce5
- SSDEEP
  
  24576:bP7+KpPGpFwdp51AaHUzrFEUrCrhRgh4fnrvjHnhPUShTuTjCjstP/TqBlkcULQw:7t51AV4/gh4fvpvuOjstP/TqIcULQ3A
Score

1^/10
behavioral7 behavioral8
- Target
  
  test/libexpat.dll
- Size
  
  379KB
- MD5
  
  0cdb376595b90c8e40169a7332c609cc
- SHA1
  
  0e47e06237f27388437d8631d055e78a34b37e03
- SHA256
  
  31d2076066107bd04ab24ff7bbdf8271aa16dd1d04e70bd9cc492e9aa1e6c82b
- SHA512
  
  3062a64d412d69996d36caf7acf1dd040941ab9adf26841fcb103d4711ffcb8e3a8deaa9374042c882e1e4c3ad51e4d294498c398d2b6adf0f1c6669d6f1d94b
- SSDEEP
  
  6144:rZSXY+i8m9LTjbJsHjzkWQgvvgu2fKOzjQauHgDwTddh9Qv:w/m9LTjbJIz1lvvguyKmWAM5nmv
Score

3^/10
behavioral10 behavioral9
- Target
  
  test/ssleay32.dll
- Size
  
  371KB
- MD5
  
  7456818a22dad2c0965580d8bbf4cabd
- SHA1
  
  548714607df2ec3b7c8a22cfba3a1776e6e80861
- SHA256
  
  f3a288c5455b074fe9c9d5a160adeb49e84bbe1832b5fcbe8f26093215192f65
- SHA512
  
  13f6589bd9c0c60a3df63325c57e94129761adc558d1a65eb4c6e138e6155dd9dbe501d45edde282219dc357593458f5f84a29188d123dcb7770e7479f6a7e68
- SSDEEP
  
  6144:ei2wWNZIpLE8b643WlU03dn3Hg460la0C1bDTQ90IVgcQ7Ab/NXXN7zKDhz+Pi8O:x2wWNZIpLE8b6mWlU03d3Hg460laf1ns
Score

1^/10
behavioral11 behavioral12
- Target
  
  test/xlstat4.dll
- Size
  
  1.9MB
- MD5
  
  07a2934c00c8c1c20e42e6e028f77bca
- SHA1
  
  b6fbe06fd7c0704511344a9dad5edc72bbc996ef
- SHA256
  
  44e93469c0608590e95420cc04636a7f10b49292ce1b7a24b5e68436f7b7bb80
- SHA512
  
  84d6938d3b7200c34ed296b5dfc880fe06a183fd7d2b87d30a33378c8fabd4a9cc0feda3a9eede5d26362799977709c326204bdb9ef3e53b0eea9c350f329cbd
- SSDEEP
  
  49152:Y8jQNfutAi7iBO4nEg+4XqyKkamhScABJLiIPHko:Y8jQNfutAxBFEg+4XckamAcABJLiI/
Score

3^/10
behavioral13 behavioral14
- Target
  
  test/zlib1.dll
- Size
  
  396KB
- MD5
  
  9fcbcfd38da2498cb14936f04b6364b7
- SHA1
  
  b43a72cd5e1f12579f65e7d09b72f38802b5e02e
- SHA256
  
  f16ed7812cbe5b17edce48a3de195157fe558f4ee8fc8024d239be5b03938b16
- SHA512
  
  3e3ca876602c2a447d011458ffe95b09100c69710b5b2fdbe3e36555ecc1ebe1ab6c34422cbf4a1fd3d7ce6e64721becd0fcf02e0e6a40bb75a5c2fed96affb6
- SSDEEP
  
  12288:+DGecz8rDg7j01LWFETPoliOrIT4tTcvuhIE:yGecz4Duj/i74tTnhIE
Score

3^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

behavioral3

bootkitpersistence

behavioral4

bootkitpersistence

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16