b699758c2e191f32a8a9d9c7b7bc1e66b8fd0644f6181ddb3339639edc38d56f | Triage

Sharing

General

Target

b699758c2e191f32a8a9d9c7b7bc1e66b8fd0644f6181ddb3339639edc38d56f
Size

32KB
Sample

220725-b252pshfdq
MD5

56ccbdaa85437657712c855c86d918ee
SHA1

d6c2f3b4c6e91646e14069ace6709ef26bd7cd94
SHA256

b699758c2e191f32a8a9d9c7b7bc1e66b8fd0644f6181ddb3339639edc38d56f
SHA512

1b73e000452e4f13df27d65c66b25d6a474644bce2c533f08245c04ca5152d51285730e14b423d07ef7aa17ae2aa9be8be5aeab77df0876c4471c57e49e1fc2a

Score

10^/10

bootkit persistence suricata

Malware Config

Targets

- Target
  
  b699758c2e191f32a8a9d9c7b7bc1e66b8fd0644f6181ddb3339639edc38d56f
- Size
  
  32KB
- MD5
  
  56ccbdaa85437657712c855c86d918ee
- SHA1
  
  d6c2f3b4c6e91646e14069ace6709ef26bd7cd94
- SHA256
  
  b699758c2e191f32a8a9d9c7b7bc1e66b8fd0644f6181ddb3339639edc38d56f
- SHA512
  
  1b73e000452e4f13df27d65c66b25d6a474644bce2c533f08245c04ca5152d51285730e14b423d07ef7aa17ae2aa9be8be5aeab77df0876c4471c57e49e1fc2a
Score

10^/10

bootkit persistence suricata
- suricata: ET MALWARE Possible Variant.Kazy.53640 Malformed Client Hello SSL 3.0 (Cipher_Suite length greater than Client_Hello Length)
  suricata: ET MALWARE Possible Variant.Kazy.53640 Malformed Client Hello SSL 3.0 (Cipher_Suite length greater than Client_Hello Length)
  suricata
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

bootkitpersistencesuricata