7a981d743a601ca2ae40f78547430bcd404f93520b0ba78e2ca53edf8a0f31f0 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

8a0c95be8a...2b.exe

windows7-x64

7

8a0c95be8a...2b.exe

windows10-2004-x64

1

Sharing

General

Target

b73f3134bb5ee95d8deb3abdfc9b1263.bin
Size

416KB
Sample

240701-dpnyrsvapd
MD5

b73f3134bb5ee95d8deb3abdfc9b1263
SHA1

21b083a7113a351448b163ff715563b9b1b389ad
SHA256

7a981d743a601ca2ae40f78547430bcd404f93520b0ba78e2ca53edf8a0f31f0
SHA512

7a97dff34c788dc9c6c846c4a0c5972f9d829079a052425f7bb154d4e4377d4d5c3f53a5dcb7c40f71d52be4514c6fb514d2c32f4b729d298d5e6156c1e0d1e8
SSDEEP

12288:XILdgtltoEuRpBc73QwIF5fnAVPolkk5wn8DjZzMt17ab9uM:XILdoJuRpBcIdseVfZzMLaZuM

Score

7^/10

bootkit persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8a0c95be8a40ae5419f7d97bb3e91b2b.exe

Resource

win7-20231129-en

bootkit persistence

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

8a0c95be8a40ae5419f7d97bb3e91b2b.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  8a0c95be8a40ae5419f7d97bb3e91b2b
- Size
  
  405KB
- MD5
  
  8a0c95be8a40ae5419f7d97bb3e91b2b
- SHA1
  
  3fb703474bc750c5e99da9ad5426128a8936a118
- SHA256
  
  b04637c11c63dd5a4a599d7104f0c5880717b5d5b32e0104de5a416963f06118
- SHA512
  
  2a474d39e985907afc0e7ea0ef0d46d0978ff60a19f3048578d6328228aad530340e3d1291fbd7da3368308501e81cacd4854c0f8b5e0bc634eb0860254935c8
- SSDEEP
  
  12288:v2EBbXiJU1L1l8XgxixExbY9+fZlYeFk9kZRyQWwVzxu:v2EVXiu1BlnxixExb3ptZUQP4
Score

7^/10

bootkit persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Pre-OS Boot

Bootkit

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

© 2018-2024

Terms | Privacy