Description
Bootkits write to the MBR to gain persistence at a level below the operating system.
General
Target
Size
Sample
6aa5d04137f934fe59dce47a1d51b1c6affc4298ddc5e44b6630e39a4552b2ae
880KB
220520-e437nscgfk
Score
8/10
MD5
SHA1
SHA256
SHA512
186993c6317b7e8f43df4dfb007a0eeb
1c206ed99ec61e6d45700b33929789bc15a8c45f
6aa5d04137f934fe59dce47a1d51b1c6affc4298ddc5e44b6630e39a4552b2ae
70873a073681bc163421dd4f70ddab0d2e1e6c97a6ab05a06a636bf1ff961809264b1ef722f39c85f2dfa13e38567e087a0a0ae44a4b9377676e37c3348324cd
Malware Config
Targets
Target
MD5
Filesize
grldrinst.exe
492e2b7d6d688c33ee6c4ee6a1abf298
34KB
Score
1/10
SHA1
SHA256
SHA512
9737c2758960c541c24756d44204409b5d43cf01
e99e7db52c4e7431dda2b61074ec46b623e49a0eaeb2b789c27080b35b67c9e3
c887238bd35d80dc11ca9d877df1f0cd3efa01b65cbf32b0c51f891127d93d1a28a4d256a4d68fac67d05a624c70ae98fda7929b11429af6718012879807292a
Related Tasks
Target
MD5
Filesize
grubinstGui2.exe
3b23e12bff983d52dbca22c700e9338a
216KB
Score
8/10
SHA1
SHA256
SHA512
52dcde5bc8934ab70b76a21f6a559626129834c6
974a20e3681cbedd1674c4fadacf1481e6e7f1985f69589caf37313464fa1a19
991fd833b1a3363680fa35cf709c39a9bce426d6e6e0d0453b7fe263a5b0f2174f9eacdc8e03d468c6001e2b25f4eb1a27b391fcb05ad0237d6cab6397740426
Tags
Signatures
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Related Tasks
Target
MD5
Filesize
msvbvm60.dll
5343a19c618bc515ceb1695586c6c137
1MB
Score
1/10
SHA1
SHA256
SHA512
4dedae8cbde066f31c8e6b52c0baa3f8b1117742
2246b4feae199408ea66d4a90c1589026f4a5800ce5a28e583b94506a8a73dce
708d8a252a167fa94e3e1a49e2630d07613ff75a9a3e779a0c1fcbec44aa853a68c401f31a2b84152f46a05f7d93f4e5e502afc7a60236a22ac58dea73fa5606
Related Tasks
Target
MD5
Filesize
mtldrinst.exe
a1d33b80e8d5b80ed549811fd3070018
45KB
Score
1/10
SHA1
SHA256
SHA512
1967be963184532df6af0a126d26c6a9798a4ad6
fbc13115ccac312a521570df7818518ec3cc1c7f6d17dd98a44f17c96236c219
d9c9c6172d0804617abadab4bd3b50839baef013f8536b38d292345d9f07526d79ac7311a2b9c15a44fbb220b31282f857b97a1988e79f5878f9deeded322514
Related Tasks
Target
MD5
Filesize
myvolume.dll
ecacbb02d6a0612d0a2a785d74bab56f
112KB
Score
3/10
SHA1
SHA256
SHA512
9656999b984e139aa8c6d9e30c9502cbf23b7989
96006ab170cc690af5ce388e94c44cbb076cdfff3acd274383c6f13738b4b2b7
0a68fad847639ff7114b82fd66f4c34c3a27ba1539baf4e6a7878a61a70258ea602baa56c53ba16a73682f8d8160abb2be6d1e7dc07a739d3bc7b8972515a68c
Related Tasks
Target
MD5
Filesize
下载说明.htm
9bd1ac9ead8eda95e8284f12ddba89e2
3KB
Score
1/10
SHA1
SHA256
SHA512
44ad2b426711da0bc122d500b9117808385bd406
54198ae94a082537ca82686954de11084ebb050917b65871fe1639c2c1a308b8
e94611639a7396705f684055fa762db261bbaffb2d7b459b1fddbd44d25358b3bb3111ae84a8bc444388f26908193fbfa79c232570f52a38f1c49fb57b322850
Related Tasks
Target
MD5
Filesize
使用帮助(河东软件园).url
6a29fdd9a578559f631bd0c0919539f2
216B
Score
1/10
SHA1
SHA256
SHA512
7ba1e243d907b6893f798dbd6169ee057e4845e9
6592450b9c9233d6d1a751020b3514bd20512d1224983c774e633ab2dee7b2c9
6eee5fe42d1105523e0555ba90f6a98237293983238a80342a62bb7dc1cb1a5b00081a447ae3a0d36f67ace197f288315f816f6da9ea27457753efb625793cc1
Related Tasks
Target
MD5
Filesize
欢迎来到 grubinst2.doc
eca075bb637f2228ecf911b2d10eeb33
206KB
Score
4/10
SHA1
SHA256
SHA512
eada267873cfdde7d14e92794ed22e95bb543a4d
d39eb615c760f9dba0c642e8466c1eb70b40c48965303be3f881a3edd1d6facd
91a4421e9c909ca6c95fa081efc8865adcb7a868bede910af695150b16b79a77526754498cf635af256d8c8c31da09c2cba10b26e480728a39933244dcf86b13
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks
static1
Score
N/A
behavioral1
Score
1/10
behavioral2
Score
1/10
behavioral3
Score
8/10
behavioral4
Score
8/10
behavioral5
Score
1/10
behavioral6
Score
1/10
behavioral7
Score
1/10
behavioral8
Score
1/10
behavioral9
Score
3/10
behavioral10
Score
3/10
behavioral11
Score
1/10
behavioral12
Score
1/10
behavioral13
Score
1/10
behavioral14
Score
1/10
behavioral15
Score
4/10
behavioral16
Score
1/10