Overview

overview

8

Static

static

1

hel.txt

windows7-x64

8

Resubmissions

06-09-2024 19:14

240906-xxybystcpm 10

06-09-2024 19:08

240906-xtlhzstdmd 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    hel.txt

  • Size

    406B

  • Sample

    240906-xtlhzstdmd

  • MD5

    15da365f4f090a3e38d8329e6860ba83

  • SHA1

    093b8444b4d0bb1e91255b5cd9e875738c2ce916

  • SHA256

    2fed09c8225b81f260bc0f3ef29ca802ad881d408a7ea9b81b9fcbf15783c0ac

  • SHA512

    316daa931daeb1c60b970363d1d6269f52ff7c7e829e4c3e9e90321fc97fc0dc8278de53417765b4d3372eb8da1e6bbb33bea9e2f1f7be4b588ba5acd36811b7

Score
8/10
bootkitdiscoveryexecutionpersistence

Malware Config

Targets

    • Target

      hel.txt

    • Size

      406B

    • MD5

      15da365f4f090a3e38d8329e6860ba83

    • SHA1

      093b8444b4d0bb1e91255b5cd9e875738c2ce916

    • SHA256

      2fed09c8225b81f260bc0f3ef29ca802ad881d408a7ea9b81b9fcbf15783c0ac

    • SHA512

      316daa931daeb1c60b970363d1d6269f52ff7c7e829e4c3e9e90321fc97fc0dc8278de53417765b4d3372eb8da1e6bbb33bea9e2f1f7be4b588ba5acd36811b7

    Score
    8/10
    bootkitdiscoveryexecutionpersistence

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Network Share Discovery

      Attempt to gather information on host network.

      discovery

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks