General

  • Target

    kaspersky-pure-2021-21-3-10-391.exe

  • Size

    207.6MB

  • Sample

    240726-t4qc5szcnl

  • MD5

    efbe51e320ae011a681ede6f2e80b244

  • SHA1

    16916c7fded73bf4311d8a98aaaa4a6b2ce86b4b

  • SHA256

    93b10b3298d577fe8874b5f28721ee66802afb26cdc427626e1575404bcba464

  • SHA512

    bc4fe3198b33d0d773578ac1dc09d94585922ad100e96dcc709353a9652b1ed0761458db2b83ab000159412c03361f6e60c7b92b333c0ebb29d7e4609577c5e5

  • SSDEEP

    6291456:igVI+Mf67FZhjMlWnCMkQk7+yOJkZas4kYo6uMD4pUyM7t:igVtMipfjMUCpQktA7kYxuMDdyWt

Malware Config

Targets

    • Target

      kaspersky-pure-2021-21-3-10-391.exe

    • Checks for any installed AV software in registry

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix (ATT&CK v13)

    Tactic            Technique                      Count  ID
    Persistence       Pre-OS Boot                    1      T1542
                      Bootkit                        1      T1542.003
    Defense Evasion   Pre-OS Boot                    1      T1542
                      Bootkit                        1      T1542.003
                      Modify Registry                2      T1112
                      Subvert Trust Controls         1      T1553
                      Install Root Certificate       1      T1553.004
    Discovery         Software Discovery             1      T1518
                      Security Software Discovery    1      T1518.001
                      System Information Discovery   3      T1082
                      System Location Discovery      1      T1614
                      System Language Discovery      1      T1614.001

Tasks