22251a83671dcf0533c25f75c576607dcc98d780c318d68ff390f14c32da7e97 | Triage

Submit
Reports

Overview

overview

Static

static

7

ë.zip

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

Target

ë.zip
Size

804KB
Sample

240908-k5yapsxdnk
MD5

c9fc135a2a846ea53124360ea6065526
SHA1

a350c7013034654b4b881057cb610303d4b31adc
SHA256

22251a83671dcf0533c25f75c576607dcc98d780c318d68ff390f14c32da7e97
SHA512

a92ca970054fad4b6f8e5f8cf0324614535f4a102b1d70a9d1fb9f09966d7417cf3400a503c3ade89fcace02c085d49f9bcef7ef5a0bc9d90a7f7fbbb2c11176
SSDEEP

24576:YRl1A6eGXvLnZfkWoLW32/SP4pK/2Moq9NhfVYp:6l1BdtoLW32/SP4A/HXhU

Score

10^/10

bootkit discovery evasion persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ë.zip

Resource

win10-20240404-en

bootkit discovery evasion persistence trojan upx

windows10-1703-x64

20 signatures

300 seconds

Malware Config

Targets

- Target
  
  ë.zip
- Size
  
  804KB
- MD5
  
  c9fc135a2a846ea53124360ea6065526
- SHA1
  
  a350c7013034654b4b881057cb610303d4b31adc
- SHA256
  
  22251a83671dcf0533c25f75c576607dcc98d780c318d68ff390f14c32da7e97
- SHA512
  
  a92ca970054fad4b6f8e5f8cf0324614535f4a102b1d70a9d1fb9f09966d7417cf3400a503c3ade89fcace02c085d49f9bcef7ef5a0bc9d90a7f7fbbb2c11176
- SSDEEP
  
  24576:YRl1A6eGXvLnZfkWoLW32/SP4pK/2Moq9NhfVYp:6l1BdtoLW32/SP4A/HXhU
Score

10^/10

bootkit discovery evasion persistence trojan upx
- UAC bypass
  evasion trojan
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Pre-OS Boot

Bootkit

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistencetrojanupx

© 2018-2025

Terms | Privacy