56b7a9cf25c676078041a22c141ef294541694a1a96bd183cd8720b5cebc3e66 | Triage

Sharing

General

Target

56b7a9cf25c676078041a22c141ef294541694a1a96bd183cd8720b5cebc3e66
Size

676KB
Sample

220725-ccjylsabdn
MD5

380d6173342f79c10fa9dc62e4166477
SHA1

55a3a0e2a726e72abc9e3a23b9065b014d14d308
SHA256

56b7a9cf25c676078041a22c141ef294541694a1a96bd183cd8720b5cebc3e66
SHA512

83444aed8eee3ca0e36b3c5e902ede0259058c0dba7b08b09bc0595c994c2035c9a18a571185718c5ca96b89f5857c0d7eeaa5bbc878361f79bf3325660aa965

Score

10^/10

bootkit persistence suricata

Malware Config

Targets

- Target
  
  56b7a9cf25c676078041a22c141ef294541694a1a96bd183cd8720b5cebc3e66
- Size
  
  676KB
- MD5
  
  380d6173342f79c10fa9dc62e4166477
- SHA1
  
  55a3a0e2a726e72abc9e3a23b9065b014d14d308
- SHA256
  
  56b7a9cf25c676078041a22c141ef294541694a1a96bd183cd8720b5cebc3e66
- SHA512
  
  83444aed8eee3ca0e36b3c5e902ede0259058c0dba7b08b09bc0595c994c2035c9a18a571185718c5ca96b89f5857c0d7eeaa5bbc878361f79bf3325660aa965
Score

10^/10

bootkit persistence suricata
- suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistencesuricata

behavioral2

bootkitpersistencesuricata