71adf3516e919eb54beb335bb9794b2d3aed9ec379b31ed5accdb54e922c0104 | Triage

Sharing

General

Target

71adf3516e919eb54beb335bb9794b2d3aed9ec379b31ed5accdb54e922c0104
Size

3.0MB
Sample

220524-q1jjmsgddk
MD5

28926ebd5205f7974ae1f1aa93771e1d
SHA1

e83295300338529f79c840ff6ea5bea08bd644d9
SHA256

71adf3516e919eb54beb335bb9794b2d3aed9ec379b31ed5accdb54e922c0104
SHA512

c1a8e3dea827fca69ad0b7eefc727a7adff13d8ef09a96072b0026a0d1aa4992950f467575aadb86467cbacd4622572c19bcf02408980cfff304d5ad81f5cb93

Score

10^/10

bootkit persistence

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
112.213.89.26
Port:
21
Username:
kimmaosuvuong@kimyen.club
Password:
https://www.youtube.com/watch?v=Z_udu2fuWKU&t=199s

Targets

- Target
  
  71adf3516e919eb54beb335bb9794b2d3aed9ec379b31ed5accdb54e922c0104
- Size
  
  3.0MB
- MD5
  
  28926ebd5205f7974ae1f1aa93771e1d
- SHA1
  
  e83295300338529f79c840ff6ea5bea08bd644d9
- SHA256
  
  71adf3516e919eb54beb335bb9794b2d3aed9ec379b31ed5accdb54e922c0104
- SHA512
  
  c1a8e3dea827fca69ad0b7eefc727a7adff13d8ef09a96072b0026a0d1aa4992950f467575aadb86467cbacd4622572c19bcf02408980cfff304d5ad81f5cb93
Score

10^/10

bootkit persistence
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence