Overview

overview

8

Static

static

tmp.exe

windows7_x64

8

tmp.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp

  • Size

    4.4MB

  • Sample

    220521-rh63nacghp

  • MD5

    da9219017688631cd6e317e510e3c512

  • SHA1

    951c49ad80fc1e44ba14ec4885f5457d0954c41c

  • SHA256

    26fd0979259f26a0f0d3480f9f41b06cf9b2b95b4a5ebbcf678bbb461d0876ef

  • SHA512

    8fb8207147b335d54cd95f9c91525d11b2e9e54b0000f32807e71e350e084bc9baf16a0fe44d04c33fefa976a7271ef17d16c5de968521cf91161c1a446f2f26

Score
8/10
bootkitpersistence

Malware Config

Targets

    • Target

      tmp

    • Size

      4.4MB

    • MD5

      da9219017688631cd6e317e510e3c512

    • SHA1

      951c49ad80fc1e44ba14ec4885f5457d0954c41c

    • SHA256

      26fd0979259f26a0f0d3480f9f41b06cf9b2b95b4a5ebbcf678bbb461d0876ef

    • SHA512

      8fb8207147b335d54cd95f9c91525d11b2e9e54b0000f32807e71e350e084bc9baf16a0fe44d04c33fefa976a7271ef17d16c5de968521cf91161c1a446f2f26

    Score
    8/10
    bootkitpersistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks