49998dd0366a3d7dff3ec1b6c2add1c0f7283b42198273980025a41942bd8178 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

Screenshot...55.png

windows10-1703-x64

8

Resubmissions

28-08-2024 20:01

240828-yrjr2svfkm 4

28-08-2024 19:59

240828-yqdveatanc 7

28-08-2024 19:56

240828-ynna3ashqb 10

28-08-2024 19:53

240828-yl1hlssgrf 10

28-08-2024 19:52

240828-ylk3xsvcpp 3

28-08-2024 19:40

240828-ydgqjasdpf 8

28-08-2024 19:26

240828-x5ympasard 10

28-08-2024 19:26

240828-x5tczasaqh 3

28-08-2024 19:21

240828-x24drs1hqd 8

28-08-2024 19:20

240828-x2hr3atcpj 3

Sharing

General

Target

Screenshot 2024-08-28 at 14.57.55.png
Size

419KB
Sample

240828-ydgqjasdpf
MD5

00345903f4db4bb2c44099a766cbadb0
SHA1

9fba40eb3a9ffb65b24c98e47d36d99b56fe588c
SHA256

49998dd0366a3d7dff3ec1b6c2add1c0f7283b42198273980025a41942bd8178
SHA512

efb23c5a838b2407d9b5544dd864734dbb8c892c445cca6f3e41ad8a77ce73e9f85fc6be960981de840aed20b4190f322742d40dbc4ddaa1de8e2b4d6876984f
SSDEEP

12288:m0EHCJmoNmRxMquJhItGXNBd/GyUtlsUVhVg:mviJ3OM3nH4yUt19g

Score

8^/10

bootkit defense_evasion discovery evasion persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

Screenshot 2024-08-28 at 14.57.55.png

Resource

win10-20240404-en

bootkit defense_evasion discovery evasion persistence trojan upx

windows10-1703-x64

28 signatures

150 seconds

Malware Config

Targets

- Target
  
  Screenshot 2024-08-28 at 14.57.55.png
- Size
  
  419KB
- MD5
  
  00345903f4db4bb2c44099a766cbadb0
- SHA1
  
  9fba40eb3a9ffb65b24c98e47d36d99b56fe588c
- SHA256
  
  49998dd0366a3d7dff3ec1b6c2add1c0f7283b42198273980025a41942bd8178
- SHA512
  
  efb23c5a838b2407d9b5544dd864734dbb8c892c445cca6f3e41ad8a77ce73e9f85fc6be960981de840aed20b4190f322742d40dbc4ddaa1de8e2b4d6876984f
- SSDEEP
  
  12288:m0EHCJmoNmRxMquJhItGXNBd/GyUtlsUVhVg:mviJ3OM3nH4yUt19g
Score

8^/10

bootkit defense_evasion discovery evasion persistence trojan upx
- Adds policy Run key to start application
  persistence
- Drops file in Drivers directory
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Pre-OS Boot

Bootkit

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdefense_evasiondiscoveryevasionpersistencetrojanupx

© 2018-2024

Terms | Privacy