General

  • Target

    f8b127e4798a7da51094c812b4bba9d2bd489d61f97094c5d72839cd6fee9dfa

  • Size

    3.6MB

  • Sample

    240919-ehpr6azdkh

  • MD5

    aec3db72f515f7b1eb36fd783803e116

  • SHA1

    72a411a45c5184106886f7fff3af058c874b66ec

  • SHA256

    f8b127e4798a7da51094c812b4bba9d2bd489d61f97094c5d72839cd6fee9dfa

  • SHA512

    fc9e53b1601a346c647a6e7dabe42326479e80a841b9ebbf222dd9180a26b6840318a748abd1f5b02b966310a4b1b8f2b9d71b9fbd5b076987cedd4b03deed05

  • SSDEEP

    98304:CMT50Gx83GG4tBN8kqbEVZeMJkrj/xVmAllwTA3Ttj:D10D3GTnTqbEVZhJq/xVbsAT9

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox guests expose ACPI tables whose names begin with VBOX (for example under HKLM\HARDWARE\ACPI\DSDT); reading these keys is a common check for a virtualised analysis environment.

    • Checks BIOS information in registry

      BIOS information (such as the SystemBiosVersion and VideoBiosVersion values under HKLM\HARDWARE\DESCRIPTION\System) is often read in order to detect sandboxing environments, whose firmware strings usually name the hypervisor.

    • Checks whether UAC is enabled

      The EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System indicates whether UAC is active; malware reads it to decide whether an elevation prompt or bypass will be needed.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR (the first sector of the raw disk, LBA 0) to gain persistence at a level below the operating system. Overwriting that sector with junk is also how some wipers make a machine unbootable, so the write alone does not prove persistence.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the thread from delivering debug events to an attached debugger, a common anti-debugging technique.
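
The behaviours listed above are the kind of thing a sandbox derives from an API and registry trace rather than from static strings. The following is an added example, not the sandbox's own signature engine and not code from the sample: it replays a constructed trace (invented here, not captured from this file) against rules that mirror the five signatures. The event shape, the `Event` class and the handle-tracking for raw disk writes are assumptions of this example; the registry paths and the 0x11 information class are the real ones.

```python
"""Replay a constructed API/registry trace against rules mirroring the
five behavioural signatures above. Example code, not the sandbox's engine."""
import re
from dataclasses import dataclass

THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS ThreadHideFromDebugger


@dataclass(frozen=True)
class Event:
    api: str    # Win32/Nt API name as a sandbox hook would log it
    args: dict  # hypothetical argument dict; shape assumed for this example


# Registry locations the signatures refer to (case-insensitive on Windows).
ACPI_VBOX_RE = re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX", re.I)
BIOS_KEY_RE = re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System$", re.I)
BIOS_VALUES = {"systembiosversion", "systembiosdate", "videobiosversion"}
UAC_KEY_RE = re.compile(
    r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System$", re.I)
PHYSDRIVE_RE = re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.I)
REG_APIS = {"RegOpenKeyExW", "RegOpenKeyExA", "RegQueryValueExW", "RegQueryValueExA"}

# Constructed trace: loosely shaped like a sandbox API log, NOT captured from the sample.
# Note the handle value 0x1c8 is reused for an ordinary file after the disk is closed.
TRACE = [
    Event("RegOpenKeyExW", {"path": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"}),
    Event("RegQueryValueExW", {"path": r"HKLM\HARDWARE\DESCRIPTION\System",
                               "value": "SystemBiosVersion"}),
    Event("RegQueryValueExW", {"path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System",
                               "value": "EnableLUA"}),
    Event("NtSetInformationThread", {"ThreadInformationClass": 0x11}),
    Event("CreateFileW", {"path": r"\\.\PhysicalDrive0",
                          "access": "GENERIC_READ|GENERIC_WRITE", "handle": 0x1c8}),
    Event("WriteFile", {"handle": 0x1c8, "offset": 0, "length": 512}),
    Event("CloseHandle", {"handle": 0x1c8}),
    Event("CreateFileW", {"path": r"C:\Users\user\Desktop\notes.txt",
                          "access": "GENERIC_WRITE", "handle": 0x1c8}),
    Event("WriteFile", {"handle": 0x1c8, "offset": 0, "length": 512}),
]


def evaluate(trace):
    """Return {signature_name: [event indices]} for every rule that fired."""
    hits = {}

    def hit(name, index):
        hits.setdefault(name, []).append(index)

    raw_disk_handles = {}  # open write-capable handles to \\.\PhysicalDriveN
    for i, ev in enumerate(trace):
        a = ev.args
        if ev.api in REG_APIS:
            path = a.get("path", "")
            value = a.get("value", "").lower()
            if ACPI_VBOX_RE.match(path):
                hit("Identifies VirtualBox via ACPI registry values", i)
            elif BIOS_KEY_RE.match(path) and value in BIOS_VALUES:
                hit("Checks BIOS information in registry", i)
            elif UAC_KEY_RE.match(path) and value == "enablelua":
                hit("Checks whether UAC is enabled", i)
        elif (ev.api == "NtSetInformationThread"
              and a.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
            hit("Suspicious use of NtSetInformationThreadHideFromDebugger", i)
        elif ev.api == "CreateFileW":
            access = a.get("access", "")
            if PHYSDRIVE_RE.match(a.get("path", "")) and (
                    "WRITE" in access or "GENERIC_ALL" in access):
                raw_disk_handles[a["handle"]] = a["path"]
        elif ev.api == "WriteFile" and a.get("handle") in raw_disk_handles:
            # LBA 0 of the raw disk is the MBR; any write starting at offset 0 hits it.
            if a.get("offset", 0) == 0 and a.get("length", 0) > 0:
                hit("Writes to the Master Boot Record (MBR)", i)
        elif ev.api == "CloseHandle":
            # Handles are reused after close; forget it so later file writes
            # on the same numeric value are not mistaken for disk writes.
            raw_disk_handles.pop(a.get("handle"), None)
    return hits


if __name__ == "__main__":
    for name, where in evaluate(TRACE).items():
        print(f"{name}: events {where}")
```

The MBR rule keys on the handle rather than the path because `WriteFile` never sees the path; tracking `CloseHandle` is what keeps the reused handle 0x1c8 on `notes.txt` from being reported as a second disk write.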
