Overview

overview

8

Static

static

1

sample

windows11-21h2-x64

8

Resubmissions

16-12-2024 20:02

241216-yskezaznap 10

16-12-2024 20:00

241216-yrb27szmhl 9

16-12-2024 19:57

241216-yparcszmek 8

16-12-2024 19:52

241216-ylqneaypds 8

16-12-2024 19:49

241216-yjtbhsynhx 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sample

  • Size

    258KB

  • Sample

    241216-ylqneaypds

  • MD5

    37698ffffe211da5c8b3f97ec1f36bae

  • SHA1

    83f5b50f58b8c0a1451e8ba9f119b526abae76df

  • SHA256

    a9614c6564109168c11a853f00a2073803c8a26af2effa33b861d80f78121e54

  • SHA512

    368e0ee6d90d1f1746c23a520520a658964a7d289f846f2ed94772f28bb7331af763dc99fc7a8395c4a19314b35fbe9c5aa9e765cf7092e59cbd8f48f8ee3134

  • SSDEEP

    6144:giaRHpOL/saqkPV9FemLtcIDSsmwj9OvZJT3CqbMrhryf65NRPaCieMjAkvCJv1/:laRHpOL/saqkPV9FemLtcIDSsmwj9OvY

Score
8/10
bootkitdefense_evasiondiscoverypersistenceupx

Malware Config

Targets

    • Target

      sample

    • Size

      258KB

    • MD5

      37698ffffe211da5c8b3f97ec1f36bae

    • SHA1

      83f5b50f58b8c0a1451e8ba9f119b526abae76df

    • SHA256

      a9614c6564109168c11a853f00a2073803c8a26af2effa33b861d80f78121e54

    • SHA512

      368e0ee6d90d1f1746c23a520520a658964a7d289f846f2ed94772f28bb7331af763dc99fc7a8395c4a19314b35fbe9c5aa9e765cf7092e59cbd8f48f8ee3134

    • SSDEEP

      6144:giaRHpOL/saqkPV9FemLtcIDSsmwj9OvZJT3CqbMrhryf65NRPaCieMjAkvCJv1/:laRHpOL/saqkPV9FemLtcIDSsmwj9OvY

    Score
    8/10
    bootkitdefense_evasiondiscoverypersistenceupx

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks