298fac8bf7434f0020848bded81cf92492ed290c1349e1338a6fbe2f87f1b249 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

2023gw1509-safety.exe

windows10-2004-x64

1

2023gw1509.exe

windows10-2004-x64

8

Sharing

General

Target

2023gw1509.zip
Size

86KB
Sample

240701-bqa27avfkj
MD5

fe3c96b0554d75c70d9912233ae27246
SHA1

9fecd9d5bb2237b1ff60ca2d20bceb865d650881
SHA256

298fac8bf7434f0020848bded81cf92492ed290c1349e1338a6fbe2f87f1b249
SHA512

33d9f0e91bd4f52b41122b3572f3c46dad5def89461e57910ff423bc2d08693da36a22a0d75a0b561769d0f429d8c7b32cef654ded0afccba3fab32feb1c4842
SSDEEP

1536:U3LU27ghAK0I4PeLDhCEbapjBCib6u+DUWlLunXjyVsm:GkhB0LPeTOpVCib6u+DPunXjcz

Score

8^/10

bootkit evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2023gw1509-safety.exe

Resource

win10v2004-20240611-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

2023gw1509.exe

Resource

win10v2004-20240611-en

bootkit evasion persistence

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  2023gw1509-safety.exe
- Size
  
  76KB
- MD5
  
  c2a8e533dc6132fd4388fd12bf4850ec
- SHA1
  
  f23af0dc75897117b7dc6bcb1aa31d5fccc93647
- SHA256
  
  a6ce2c599b64e91fd3e5513fde527c73a565381eaf3d43cd0db4a7cf3ed25778
- SHA512
  
  54a7bdcb094f90b77f7870dd93eba13d2790e8154a0307a5cd110a06e9b181c8d015fbd93713f7de647a9339ad75755e866bcbd38af8891283f34820f714a422
- SSDEEP
  
  1536:wZzVvFwHus7Mz+Wjpbhe/lt/oQTNZOM0EIwxrDDB:QAHwz+WlwtQQR8+t1
Score

1^/10
behavioral1
- Target
  
  2023gw1509.exe
- Size
  
  109KB
- MD5
  
  8ceee4d9fd1edbf2db49a0543565763f
- SHA1
  
  330f275b9bde64a7ae9fa2fd7515c511e2cb8351
- SHA256
  
  abc51f9202715b26d152c9c5f43fc18ff3e2304b0117930be6e2813d96f614e1
- SHA512
  
  15912cb177c47eebb2d4f591395991652dfde673f94e2df5a59e5b24ebc63d3036de5ae1628a90aae504be2160c20ec762c16047e4134e47a666951f5476b233
- SSDEEP
  
  1536:lN579bnA2KT3+DFLiDQNO0fiwx3oQTNZOM0EIwxrDD:17RnA22ONO0fiwx4QR8+t
Score

8^/10

bootkit evasion persistence
- Disables Task Manager via registry modification
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

bootkitevasionpersistence

© 2018-2024

Terms | Privacy