General
-
Target
Mx Woofer.rar
-
Size
4.3MB
-
Sample
241113-zqr8gayhrp
-
MD5
615873e0248a840858cbd8c0eaed621d
-
SHA1
3d691efcad55768b475a84a57d36fd87a7ef099d
-
SHA256
fbbc00b62830a07bf3b575daf8e1d041807c94b85bdc62fcab0a7ac6caf31314
-
SHA512
adc8359892d8f6a887935b364574514b92f5cb5aeb65c1bb22620f4efc380514502a41138062dca1712074cede414d4711138a04a8e8ee196bd199b404eb2c9f
-
SSDEEP
98304:Ggfc5DAqsa2dy9ebVmu8BF/CICAV+OboTVSLingYQ3sqD3rz:hcR238T/qO8TVujGSn
Static task
static1
Behavioral task
behavioral1
Sample
MXWoofer.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
MXWoofer.exe
-
Size
8.1MB
-
MD5
3b92c15545fdefaaa701250a5006bd32
-
SHA1
f19eefb54911acdb7d9e24e1a4a8dd7e2c5ca671
-
SHA256
0f53954a7f1c92ea54bdce10149d9bb1517e629a2a98db4b77d8db1c10938fb2
-
SHA512
f85fc5866e3a96079a78cefb4e55e976af628f1e76a03e954e1ebed27c43d811be5f744b0416724d57d441e72fa2566cec8ccbb7fd04d62563c1787ae052ebac
-
SSDEEP
98304:K9fyrBps+nI4Cm5+5OeP9qU4ccBcwHehrDZ/m4hMPB6OSuXQL:KVyrB6MEPqUTcBXHWuCMp6yXQL
Score
9/10
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1
Windows Service
1
Pre-OS Boot
1
Bootkit
1
Defense Evasion
Impair Defenses
1
Pre-OS Boot
1
Bootkit
1
Virtualization/Sandbox Evasion
1