Overview

overview

8

Static

static

1

winrar-64-...-1.exe

windows7-x64

8

winrar-64-...-1.exe

windows10-2004-x64

8

Resubmissions

01-07-2024 13:59

240701-ramdaayfpp 10

06-06-2023 19:05

230606-xr1j5afb28 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    winrar-64-6.21-installer_AmGAP-1.exe

  • Size

    1.7MB

  • Sample

    230606-xr1j5afb28

  • MD5

    17b1ea1089ccf5e5ef81c5dfafdb90ff

  • SHA1

    af0c22f715c97474303ff13364a71280c1d0f698

  • SHA256

    f81c79de1b8bec0ffcd299c964d8cf0bee0d983ab465b693dbfd7347d2c64f87

  • SHA512

    3e90c90477075856f77194cb6842501402f4eb49a68df84f5f3d49b5a8edae012e257908483c8451bc20bb89755c0b51c94c9499f4e3b6b85e88f8722e6d6a73

  • SSDEEP

    24576:f7FUDowAyrTVE3U5Fmuj6C9FPusBoPwbpm90jiJ/65kr2kLgaJyLHbTVYyT:fBuZrEUr6CzmsBoYbpUF65GzOB

Score
8/10
bootkitdiscoverypersistence

Malware Config

Targets

    • Target

      winrar-64-6.21-installer_AmGAP-1.exe

    • Size

      1.7MB

    • MD5

      17b1ea1089ccf5e5ef81c5dfafdb90ff

    • SHA1

      af0c22f715c97474303ff13364a71280c1d0f698

    • SHA256

      f81c79de1b8bec0ffcd299c964d8cf0bee0d983ab465b693dbfd7347d2c64f87

    • SHA512

      3e90c90477075856f77194cb6842501402f4eb49a68df84f5f3d49b5a8edae012e257908483c8451bc20bb89755c0b51c94c9499f4e3b6b85e88f8722e6d6a73

    • SSDEEP

      24576:f7FUDowAyrTVE3U5Fmuj6C9FPusBoPwbpm90jiJ/65kr2kLgaJyLHbTVYyT:fBuZrEUr6CzmsBoYbpUF65GzOB

    Score
    8/10
    bootkitdiscoverypersistence

    • Downloads MZ/PE file

    • Adds Run key to start application

      persistence

    • Checks for any installed AV software in registry

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Bootkit

1
T1067

Change Default File Association

1
T1042

Privilege Escalation

Defense Evasion

Modify Registry

4
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Security Software Discovery

1
T1063

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks