General

  • Target

    85e761230c233a73d477215e8d83b449827bca1606e35bd4f0eee5317629f76c

  • Size

    12.1MB

  • Sample

    240903-s91kma1hrd

  • MD5

    e781eb5fe8f6fdc97e99db226dac1b8e

  • SHA1

    f5182043835a793d1ab138b22f2a58175d2c8fea

  • SHA256

    85e761230c233a73d477215e8d83b449827bca1606e35bd4f0eee5317629f76c

  • SHA512

    70117ff79a7aa8dac1620c08c4f605e5c8889ab1f938ce149fd6db560288262f70487bcb3060fcfa1483790f8b2d6aed30c0d48bcf692aa56b8ad666ebf55f18

  • SSDEEP

    393216:I0njALhgQkjMD6l6ROSRxKhry+LsmCt86u4ngkKJ:JALDkgD6lQgh++LxCPTg

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks