General

  • Target

    d867c654acd41b31820c93d48f51400cc401c6ad53d926b83db44d2529b57255

  • Size

    5.4MB

  • Sample

    241015-f57rxs1eqq

  • MD5

    744e5c19d8717ade0a12f54aefbc85b3

  • SHA1

    47962de3075cd36fbe68fa782180822e49350749

  • SHA256

    d867c654acd41b31820c93d48f51400cc401c6ad53d926b83db44d2529b57255

  • SHA512

    57e876f1ad6869a116ba6bf6e7b4155ab7696ed2d022e94fad819a2d15f223b29527af791dc9a65c95a1f21ab1ff01296caa7f4bdcbe68e3265dacec2d763727

  • SSDEEP

    98304:O0lW5oFU1nJwrsZd0ohG3AuqDztfxeYU9W3UmcZqr41pdwyVf:nlCn1nbZakG7AtZej9DmcZq5A

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
