bd2d503d6d1f4929810267f67280e100e0279ba4ba3a5d3a43c311a4733681ad | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bd2d503d6d1f4929810267f67280e100e0279ba4ba3a5d3a43c311a4733681ad
Size

340KB
Sample

220919-c7x4qachf4
MD5

957eacda80f1e984a00ec73d9db2a4ea
SHA1

06f6c779bcf3a83bffbb4135ae29b14e09267296
SHA256

bd2d503d6d1f4929810267f67280e100e0279ba4ba3a5d3a43c311a4733681ad
SHA512

a0e765be70c0034693f0fa4117cb0ed3f35ba7076b561bed5aadc238819028b81f48a04301177d2b4897f4bb846006dfc6a79491312af0bd25fb2c928d2a3b20
SSDEEP

6144:1t+s2nCAQKXQNsOetSqNetbWOa2DKWMTHsspDwtQCrVBILdV8U:gCKV7etbWfH1wspfm/I5

Score

10^/10

bootkit evasion persistence

Malware Config

Targets

- Target
  
  bd2d503d6d1f4929810267f67280e100e0279ba4ba3a5d3a43c311a4733681ad
- Size
  
  340KB
- MD5
  
  957eacda80f1e984a00ec73d9db2a4ea
- SHA1
  
  06f6c779bcf3a83bffbb4135ae29b14e09267296
- SHA256
  
  bd2d503d6d1f4929810267f67280e100e0279ba4ba3a5d3a43c311a4733681ad
- SHA512
  
  a0e765be70c0034693f0fa4117cb0ed3f35ba7076b561bed5aadc238819028b81f48a04301177d2b4897f4bb846006dfc6a79491312af0bd25fb2c928d2a3b20
- SSDEEP
  
  6144:1t+s2nCAQKXQNsOetSqNetbWOa2DKWMTHsspDwtQCrVBILdV8U:gCKV7etbWfH1wspfm/I5
Score

10^/10

bootkit evasion persistence
- Modifies security service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistence

behavioral2

bootkitevasionpersistence