0a9361657db620a5517ff3d39cb49744ce422819f191a637311f2b79fea5802f | Triage

Sharing

General

Target

0a9361657db620a5517ff3d39cb49744ce422819f191a637311f2b79fea5802f
Size

46KB
Sample

220919-pkdg1sgee5
MD5

2dd14afcc7e1566980af3e1485109f9c
SHA1

77fb3de68b63bd8e0a05277dc6b858fa7384a860
SHA256

0a9361657db620a5517ff3d39cb49744ce422819f191a637311f2b79fea5802f
SHA512

fe9497d2fae6e8ff677c90d37d00237590f6b48b893dfbec6d7b5dcd473202133836fbcf7f669f4e4442eead15cac557316b4f47e497cc9aa49751927cffc5b0
SSDEEP

768:0C38y4disgWSU1YlmDPoYSbRR9P+srOTrG:0CR4ggSU1Y4PoB+sC

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  0a9361657db620a5517ff3d39cb49744ce422819f191a637311f2b79fea5802f
- Size
  
  46KB
- MD5
  
  2dd14afcc7e1566980af3e1485109f9c
- SHA1
  
  77fb3de68b63bd8e0a05277dc6b858fa7384a860
- SHA256
  
  0a9361657db620a5517ff3d39cb49744ce422819f191a637311f2b79fea5802f
- SHA512
  
  fe9497d2fae6e8ff677c90d37d00237590f6b48b893dfbec6d7b5dcd473202133836fbcf7f669f4e4442eead15cac557316b4f47e497cc9aa49751927cffc5b0
- SSDEEP
  
  768:0C38y4disgWSU1YlmDPoYSbRR9P+srOTrG:0CR4ggSU1Y4PoB+sC
Score

8^/10

bootkit persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence