General

  • Target

    Easy2Boot_v2.20.exe

  • Size

    34.7MB

  • Sample

    241109-vva3jaxpaw

  • MD5

    3d55a27b98c865644997f858902715b6

  • SHA1

    b971af5cbe2c2dd032b04709731fb64759ad371c

  • SHA256

    16236aa5bdfc6a7e130240bcdd28c35fa63a75828298874a90cf246f7580757f

  • SHA512

    22f9948900cf6ff836143620c7f40d956b2a694c099794c9bfd868570a658d7307273fea2d4bbde930401268592453c0b895aef8f2a3ac6b585c91e57c1970ac

  • SSDEEP

    786432:zJsJLYHT5sAsu/4RcMF7gYG8rLbPCi5dmm14nW0X9LWsP/:VM05sp+4mMpgYn6iXmaw9LW8/
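
To confirm that a file on hand is the sample this report describes, the following script, added here and not part of the report or of Easy2Boot, computes the four cryptographic digests listed above in a single pass over the data and reports every algorithm that does not match the report's value. The `REPORT_HASHES` values are copied from the report; the bytes hashed in the demonstration are constructed stand-ins, not the Easy2Boot installer. SSDEEP is left out because it needs the third-party ssdeep library and, being a fuzzy hash, is compared by similarity score rather than equality.

```python
import hashlib
import io

# Digests of Easy2Boot_v2.20.exe exactly as listed in the report above.
REPORT_HASHES = {
    "md5": "3d55a27b98c865644997f858902715b6",
    "sha1": "b971af5cbe2c2dd032b04709731fb64759ad371c",
    "sha256": "16236aa5bdfc6a7e130240bcdd28c35fa63a75828298874a90cf246f7580757f",
    "sha512": "22f9948900cf6ff836143620c7f40d956b2a694c099794c9bfd868570a658d73"
              "07273fea2d4bbde930401268592453c0b895aef8f2a3ac6b585c91e57c1970ac",
}


def multihash(stream, chunk_size=1 << 20):
    """Hash a binary stream once, feeding each chunk to every digest.

    Reading the 34.7 MB sample four times (once per algorithm) is wasteful on
    slow or remote storage; one pass with all digests updated together is not.
    """
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for digest in digests.values():
            digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def hash_bytes(data, chunk_size=1 << 20):
    """Convenience wrapper for in-memory data (used by the demonstration below)."""
    return multihash(io.BytesIO(data), chunk_size)


def verify(stream, expected):
    """Return {algorithm: (expected, actual)} for each mismatch; {} means a match.

    Report hashes are compared case-insensitively because different tools print
    hex digests in different cases.
    """
    actual = multihash(stream)
    return {
        name: (want.lower(), actual[name])
        for name, want in expected.items()
        if actual[name] != want.lower()
    }


def verify_bytes(data, expected):
    return verify(io.BytesIO(data), expected)


def verify_file(path, expected=REPORT_HASHES):
    """Verify an on-disk file against the report; returns the mismatch dict."""
    with open(path, "rb") as fh:
        return verify(fh, expected)


if __name__ == "__main__":
    # Constructed stand-in bytes, not the real sample: every algorithm mismatches.
    fake_sample = b"not the Easy2Boot installer"
    for algo, (want, got) in verify_bytes(fake_sample, REPORT_HASHES).items():
        print(f"{algo}: report {want[:16]}... file {got[:16]}...")
```

Run `verify_file("Easy2Boot_v2.20.exe")` on a downloaded copy; an empty dict means all four digests match the report, and any non-empty result names exactly which algorithms disagree, which distinguishes a different file from a truncated download (SHA-256 and SHA-512 both fail) or a single typo in one recorded hash.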

Malware Config

Targets

    • Target

      Easy2Boot_v2.20.exe

    • Detected Nirsoft tools

      NirSoft publishes free utilities (password, product-key and credential recovery among them) that attackers routinely bundle; the signature fires on the presence of such a tool, not on evidence of how it was used.

    • ACProtect 1.3x - 1.4x DLL software

      Matches the signature of the ACProtect 1.3x-1.4x commercial protector, which packs and obfuscates code to hinder static analysis.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

      Runs an executable that it first wrote to disk during the analysis; the dropped file, not only the installer, is what needs analysis.

    • Loads dropped DLL

      Loads a library that it first wrote to disk during the analysis.

    • Enumerates connected drives

      Attempts to read the root path of drives other than the default C: drive, a common way of discovering removable volumes.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system. Any tool that installs a boot loader onto a drive also writes the MBR, so this signature on its own does not establish malicious intent; check which device was written (a removable drive versus the system disk).

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes. An autorun.inf is also routinely placed on legitimately prepared removable media, so note which volume received it.

    • UPX packed file

      Detects executables packed with UPX or a modified build of it. UPX is open source and its section names and markers are easily changed, so the match is a heuristic rather than proof of the packer version.
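
The UPX and ASPack signatures in this report are, at bottom, checks on the PE section table and on marker strings the packers leave behind. The script below, added here and not taken from the report, from Easy2Boot or from any sandbox's signature code, shows the minimal form of such a check: it walks the section table of a PE image and maps well-known default section names to a packer, and additionally looks for the `UPX!` magic that UPX stores in its pack header. The `PACKER_SECTION_HINTS` table and the constructed PE images built by `build_fake_pe` are assumptions made for this example; the images are synthetic, not the analysed sample. Because a modified packer can rename its sections and strip the marker, the result is a hint only, which is why a sandbox reports "UPX/modified UPX" and pairs such checks with entropy and import-table analysis.

```python
import struct

# Default section names left by the packers named in the report.  A modified
# packer can rename them, so a hit is a hint, not proof (heuristic list,
# assembled for this example).
PACKER_SECTION_HINTS = {
    "UPX0": "UPX", "UPX1": "UPX", "UPX2": "UPX",
    ".aspack": "ASPack", ".adata": "ASPack",
}


def pe_section_names(data):
    """Return the section names of a PE image held in memory."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                    # 20-byte COFF header
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size                           # section table follows it
    names = []
    for i in range(num_sections):
        off = table + 40 * i                               # IMAGE_SECTION_HEADER is 40 bytes
        raw = data[off:off + 8]                            # Name field, NUL-padded
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def packer_hints(data):
    """Return the sorted list of packers the heuristics point at (may be empty)."""
    hints = set()
    for name in pe_section_names(data):
        if name in PACKER_SECTION_HINTS:
            hints.add(PACKER_SECTION_HINTS[name])
    if b"UPX!" in data:                                    # magic UPX writes into its pack header
        hints.add("UPX")
    return sorted(hints)


def build_fake_pe(section_names, trailer=b""):
    """Constructed minimal PE image for demonstration: DOS stub, COFF header,
    zero-length optional header, then one 40-byte header per section name."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections, three zeroed dwords, SizeOfOptionalHeader=0,
    # Characteristics=EXECUTABLE_IMAGE|32BIT_MACHINE.
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(
        name.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for name in section_names
    )
    return dos_header + b"PE\0\0" + coff + sections + trailer


if __name__ == "__main__":
    samples = {
        "upx-like":    ["UPX0", "UPX1", ".rsrc"],
        "aspack-like": [".text", ".aspack", ".adata"],
        "plain":       [".text", ".rdata", ".data"],
    }
    for label, names in samples.items():
        print(f"{label:12s} sections={names} hints={packer_hints(build_fake_pe(names))}")
```

On a real file, `packer_hints(open(path, "rb").read())` gives the same answer a section-name signature would; an empty list with a near-empty import table and high section entropy is the usual sign of a renamed or custom packer that this check alone cannot name.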

MITRE ATT&CK Enterprise v15

Tasks