General

  • Target

    evidence_video2341.zip

  • Size

    2.6MB

  • Sample

    240630-r6c5gszbnd

  • MD5

    784d7222bf678781df64a6db581c9bec

  • SHA1

    0d34e85e30f39355031d91a56c394d376ccf0c1a

  • SHA256

    9561417635a30fbbe4698c0b05010a246a448d746c4f43b08a16e2f40e4add3e

  • SHA512

    c646fa4b775b1ca47a3eb3a9454ffbc6a4aca122de7c11b43e3a8e4658b7706e1bb4c51b0365d0c158b7f1d8f2813a46b0852415fd51fe8c12c734a1ecb25833

  • SSDEEP

    49152:DZ5mifTI5c7Hf2ZEQ4cI6haCQQqxUbCNc3k9c/y4SicctRc:DXmift7W8cIMdQf/nC/yqDtK

Malware Config

Targets

    • Target

      click and enter passcode 2233 to read.msi

    • Size

      2.9MB

    • MD5

      9bf5705792f3552b1ad437d43a8fa82d

    • SHA1

      b1f26e3897e3680bda1846af06ec8c9c529973c6

    • SHA256

      79e7cb46bf71ab7ac1170e62e535ea41849299622b1f221d94d99f94ef392f10

    • SHA512

      96bf18d557fbf6b7113a02be2243dad2bb0de46d0b3d8e8e2789f0694ba8998c8c0a8eb50ac478d78ad7eed3dd81458dc1a1d9fa04b7df5b9bb28a44a8eeb6ab

    • SSDEEP

      49152:7+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:7+lUlz9FKbsodq0YaH7ZPxMb8tT

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Command and Scripting Interpreter (T1059): 1
    • PowerShell (T1059.001): 1

Persistence

  • Pre-OS Boot (T1542): 1
    • Bootkit (T1542.003): 1

Defense Evasion

  • Pre-OS Boot (T1542): 1
    • Bootkit (T1542.003): 1
  • Subvert Trust Controls (T1553): 1
    • Install Root Certificate (T1553.004): 1
  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 4
  • Peripheral Device Discovery (T1120): 2
  • System Information Discovery (T1082): 3

Tasks