General

  • Target

    e55386e6a8cd5ba1e98d2f28385151c337327af3efa5368d6cb81cdfd024c157N.exe

  • Size

    4.5MB

  • Sample

    241121-g764vatpak

  • MD5

    c25d5ded90fe1565904751ac5c673ad0

  • SHA1

    9995fbe58a1a4359085e9cf0ae1007ddb95e1af6

  • SHA256

    e55386e6a8cd5ba1e98d2f28385151c337327af3efa5368d6cb81cdfd024c157

  • SHA512

    8163fb3824bc33a655fe5ec9decd6679c0be35513b21a0752cb9ed8b3e4d0758c74f2d10af4d850f34aefb30a9d68c09e041e7c121a18bc33b7927afde8d3a86

  • SSDEEP

    98304:rWqq+Mb+myWvjIy5YFWAvwzn7Nx99JEIjFMm2Va/5AZK6j0xnw:rWaXWvjIy5YPvwzn7N/rTAYAZK6jyw

Targets

    • Target

      e55386e6a8cd5ba1e98d2f28385151c337327af3efa5368d6cb81cdfd024c157N.exe

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
