Overview

overview

8

Static

static

c132a7558d...c5.exe

windows7_x64

8

c132a7558d...c5.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c132a7558d53618905f930c6957b45209e6038041615c71fc7376831b92741c5

  • Size

    8.8MB

  • Sample

    210302-la5m1lfszs

  • MD5

    6be7f3673828b880e853f1d8e08a33ee

  • SHA1

    1572ea46ca6ac40def4c641ecb6aff8f36ba238f

  • SHA256

    c132a7558d53618905f930c6957b45209e6038041615c71fc7376831b92741c5

  • SHA512

    55e5f0484c649aa3b9d676c03d739c0c119a2c6bdf9bf81b460483f44474e4b8c1e57e969b07516e7de672141f78b2793606e63684cd914fed059c0098272223

Score
8/10
bootkitpersistence

Malware Config

Targets

    • Target

      c132a7558d53618905f930c6957b45209e6038041615c71fc7376831b92741c5

    • Size

      8.8MB

    • MD5

      6be7f3673828b880e853f1d8e08a33ee

    • SHA1

      1572ea46ca6ac40def4c641ecb6aff8f36ba238f

    • SHA256

      c132a7558d53618905f930c6957b45209e6038041615c71fc7376831b92741c5

    • SHA512

      55e5f0484c649aa3b9d676c03d739c0c119a2c6bdf9bf81b460483f44474e4b8c1e57e969b07516e7de672141f78b2793606e63684cd914fed059c0098272223

    Score
    8/10
    bootkitpersistence

    • Drops file in Drivers directory

    • Sets service image path in registry

      persistence

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks