a424b8b1bb9d04f10ff81731d7aac690d82e0651b4d3d611811f51054699b695 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

a424b8b1bb...95.exe

windows7-x64

9

a424b8b1bb...95.exe

windows10-2004-x64

9

Sharing

General

Target

a424b8b1bb9d04f10ff81731d7aac690d82e0651b4d3d611811f51054699b695
Size

6.0MB
Sample

241014-d2td1s1hql
MD5

79915ceaf5c5fec93c7e5473337bac0b
SHA1

e18dd59020d1b122812679db9936c1c6ea99d9a2
SHA256

a424b8b1bb9d04f10ff81731d7aac690d82e0651b4d3d611811f51054699b695
SHA512

3ac16180e66a4b92c3fe0c94e86ec16d0e561d4464eb8da007b29c62e78f64410bc9d53f4e5d4128da5d18e2e79c5605a11151870c5399bcaa63ac8b950b94c4
SSDEEP

98304:XNO/UWZ9+12HlCz784sLSxuHRogpOzbngV/1pV5BqlafdJFLAaLP1X:XKX+267IauxogpGbgPbqlafFPTZ

Score

9^/10

bootkit discovery evasion persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a424b8b1bb9d04f10ff81731d7aac690d82e0651b4d3d611811f51054699b695.exe

Resource

win7-20240903-en

bootkit discovery evasion persistence upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

a424b8b1bb9d04f10ff81731d7aac690d82e0651b4d3d611811f51054699b695.exe

Resource

win10v2004-20241007-en

discovery evasion

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  a424b8b1bb9d04f10ff81731d7aac690d82e0651b4d3d611811f51054699b695
- Size
  
  6.0MB
- MD5
  
  79915ceaf5c5fec93c7e5473337bac0b
- SHA1
  
  e18dd59020d1b122812679db9936c1c6ea99d9a2
- SHA256
  
  a424b8b1bb9d04f10ff81731d7aac690d82e0651b4d3d611811f51054699b695
- SHA512
  
  3ac16180e66a4b92c3fe0c94e86ec16d0e561d4464eb8da007b29c62e78f64410bc9d53f4e5d4128da5d18e2e79c5605a11151870c5399bcaa63ac8b950b94c4
- SSDEEP
  
  98304:XNO/UWZ9+12HlCz784sLSxuHRogpOzbngV/1pV5BqlafdJFLAaLP1X:XKX+267IauxogpGbgPbqlafFPTZ
Score

9^/10

bootkit discovery evasion persistence upx
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistenceupx

behavioral2

discoveryevasion

© 2018-2025

Terms | Privacy