9945aca9c51b2d420585e28adcb500631f27e4322e07afc1f13b7b690d177d0c | Triage

Submit
Reports

Overview

overview

8

Static

static

7

hwid-spoofer.exe

windows7-x64

7

hwid-spoofer.exe

windows10-2004-x64

Sharing

General

Target

hwid-spoofer.exe
Size

266KB
Sample

240701-pr1acsvgml
MD5

322f7016ccf0835c39375dfc42370222
SHA1

701a2e8c1d8976c7b5b6a49d6449a4ff92dba6ee
SHA256

9945aca9c51b2d420585e28adcb500631f27e4322e07afc1f13b7b690d177d0c
SHA512

82fc8db901bd68ba322635d8a1d7d515f3b61cdf2a65d0c5f132ce7f0a3b74dd4545ed7c762707510a225e0adb91516a468019b264bd7ac625fe24ffc6e6aefb
SSDEEP

6144:amBvRxy3LhH3R8QG18lS8kjdiWNAYot/lKyy8rw/8E/lx1q:BxfeZk1oGNyy8rwUE/8

Score

8^/10

bootkit persistence vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

hwid-spoofer.exe

Resource

win7-20240508-en

windows7-x64

8 signatures

1800 seconds

Behavioral task

behavioral2

Sample

hwid-spoofer.exe

Resource

win10v2004-20240508-en

bootkit persistence vmprotect

windows10-2004-x64

18 signatures

1800 seconds

Malware Config

Targets

- Target
  
  hwid-spoofer.exe
- Size
  
  266KB
- MD5
  
  322f7016ccf0835c39375dfc42370222
- SHA1
  
  701a2e8c1d8976c7b5b6a49d6449a4ff92dba6ee
- SHA256
  
  9945aca9c51b2d420585e28adcb500631f27e4322e07afc1f13b7b690d177d0c
- SHA512
  
  82fc8db901bd68ba322635d8a1d7d515f3b61cdf2a65d0c5f132ce7f0a3b74dd4545ed7c762707510a225e0adb91516a468019b264bd7ac625fe24ffc6e6aefb
- SSDEEP
  
  6144:amBvRxy3LhH3R8QG18lS8kjdiWNAYot/lKyy8rw/8E/lx1q:BxfeZk1oGNyy8rwUE/8
Score

8^/10

vmprotect bootkit persistence
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

bootkitpersistencevmprotect

© 2018-2024

Terms | Privacy