Overview

overview

8

Static

static

3

mkp.exe

windows11-21h2-x64

Resubmissions

13-11-2024 01:28

241113-bvnh3stkfz 8

13-11-2024 01:26

241113-bthw7svarq 10

12-11-2024 21:01

241112-zvah8avjej 10

12-11-2024 20:33

241112-zb5v1stnhp 5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    200730-48mxz512fa_pw_infected.zip

  • Size

    1.1MB

  • Sample

    241113-bvnh3stkfz

  • MD5

    69a28e00bba77e3551479aa226aa4237

  • SHA1

    37ffc2bc63a0a82963ce7720696266e6acce95ba

  • SHA256

    e642de5564a66dba2c2da9bd657d79153b6e65c2c1ad55f8da5be0d471bac242

  • SHA512

    b6906281d19579e8941287ae7315f0516b454681cab122faac594f74c2766109a64cab764aefbbc040213b217d5dd8f72585367fb533077896ecba34d09fa8c7

  • SSDEEP

    24576:gUgNEpGTKCB5Muwytp3FGtYpSZ0HPRgN8zhXHV+VLLGiNMN3:UNEpGFB1wERFGtySZY+EhX1+VnNMV

Score
8/10
bootkitdefense_evasiondiscoverypersistence

Malware Config

Targets

    • Target

      mkp.exe

    • Size

      1.2MB

    • MD5

      2055bbde7b5a1afd6ea79974d1435a98

    • SHA1

      e249c4f1d0910cb4660a3d41593692a02796472f

    • SHA256

      e51abdb2023b560244802f7d9687944dc0dff3042c28d7bc7a2b517df6e24942

    • SHA512

      f21f963ea6f3c394f61780825a0971f432450a7ca94353db0ba5915a0e190f0d65025c40756597b0170a3c23fb160e27011ce4a098afe2a518efc47a06874d55

    • SSDEEP

      24576:AQkBF2DuFBsfrCbHdtvIwTGp+olFTPPxQoZeKVbygpgPh3aFMI9R2uacQs:AQIBsfrCHdtvdTCTO2pdygpiAJads

    Score
    8/10
    bootkitdefense_evasiondiscoverypersistence

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks