General

  • Target

    962c826c4f851b29d1140cfc73c379fe72f13a1ac04e0f549cc15a8440321b05

  • Size

    7.4MB

  • Sample

    220524-ra9tkshahk

  • MD5

    7a0f69ced2a8a66b3132d6c38613a8e3

  • SHA1

    34c9a1895103b2825211d5819abdf168a72a7b68

  • SHA256

    962c826c4f851b29d1140cfc73c379fe72f13a1ac04e0f549cc15a8440321b05

  • SHA512

    e111145f4c9b7144936d0a43e1e485d2132eaee19b3975a2a00e5c1eb930cdb01385d8d8073bf172ce60dc5cbcf5f11766b6bb62957c337bf3ba2598249e11a9

Score
8/10

Targets

    • Target

      962c826c4f851b29d1140cfc73c379fe72f13a1ac04e0f549cc15a8440321b05

    • Size

      7.4MB

    • MD5

      7a0f69ced2a8a66b3132d6c38613a8e3

    • SHA1

      34c9a1895103b2825211d5819abdf168a72a7b68

    • SHA256

      962c826c4f851b29d1140cfc73c379fe72f13a1ac04e0f549cc15a8440321b05

    • SHA512

      e111145f4c9b7144936d0a43e1e485d2132eaee19b3975a2a00e5c1eb930cdb01385d8d8073bf172ce60dc5cbcf5f11766b6bb62957c337bf3ba2598249e11a9

    Score
    8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is read from the registry rather than by touching the devices directly; this is a common sandbox check, because the device identifiers recorded for virtual disks typically expose the virtualization vendor's name.

    • Writes to the Master Boot Record (MBR)

      Bootkits overwrite the bootstrap code in the MBR (the first sector of the boot disk) to gain persistence at a level below the operating system: the implanted code runs before the Windows boot loader and kernel, and therefore before any OS-level security product has started.

MITRE ATT&CK Matrix (ATT&CK v6)

    Tactic        Technique                       Hits  ID
    Persistence   Bootkit                         1     T1067
    Discovery     Query Registry                  2     T1012
    Discovery     Peripheral Device Discovery     2     T1120
    Discovery     System Information Discovery    2     T1082

The IDs follow ATT&CK v6 as stated; in current ATT&CK versions T1067 (Bootkit) has been retired and the same behaviour is catalogued as sub-technique T1542.003 (Pre-OS Boot: Bootkit).
