General

  • Target: MenuExtendido.exe
  • Size: 11.1MB
  • Sample: 241119-vkm94syhrl
  • MD5: 115311b89910277aa0a9b928078abf2e
  • SHA1: 2632966c0bf4c1f9f802b87e98f786de16e7defc
  • SHA256: 57c55450fd79ddc7fdde142603ffbd3451b656c737eae29cf5667426600128aa
  • SHA512: 54a551516487f82e1c0e11781d16272c1e2ef65475fa8eca2ec5ee8a559ccfdb9439a219473ba8662166cb1753b821a4bbbd8a10a8f596530545dcc08d07f073
  • SSDEEP: 196608:skb9iGGe4y2L43jn8dJkee9Cam6rMupEvE793ETQeeB2b4oRGLdQFb:Vb9ieT2LVTam6rD9UU/loRGLu5

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks