98ba7942b008954282475a4f1d2d7d55b88851dcd3a62f59761c0275c23b25c2 | Triage

Sharing

General

Target

98ba7942b008954282475a4f1d2d7d55b88851dcd3a62f59761c0275c23b25c2
Size

259KB
Sample

220919-qq5zwsahd3
MD5

8eb97b78cadd1ef96f31428f5a356a7a
SHA1

5aa6e9966322998843a3e675273c54d9c001cb75
SHA256

98ba7942b008954282475a4f1d2d7d55b88851dcd3a62f59761c0275c23b25c2
SHA512

face228ed19f11d7a0eff721b4118668da54d8b3bfe39ce55b49864cdbd6365954349b2471fdf477c6dbd92cb606a19ff1b779cb91e186dc14be4844d417479e
SSDEEP

6144:160Erpa3KDcoqrAQVSMjrkLT10oO1JxrsyY5kDg:16DrpWAcoqrASkl0osjr9YCc

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  98ba7942b008954282475a4f1d2d7d55b88851dcd3a62f59761c0275c23b25c2
- Size
  
  259KB
- MD5
  
  8eb97b78cadd1ef96f31428f5a356a7a
- SHA1
  
  5aa6e9966322998843a3e675273c54d9c001cb75
- SHA256
  
  98ba7942b008954282475a4f1d2d7d55b88851dcd3a62f59761c0275c23b25c2
- SHA512
  
  face228ed19f11d7a0eff721b4118668da54d8b3bfe39ce55b49864cdbd6365954349b2471fdf477c6dbd92cb606a19ff1b779cb91e186dc14be4844d417479e
- SSDEEP
  
  6144:160Erpa3KDcoqrAQVSMjrkLT10oO1JxrsyY5kDg:16DrpWAcoqrASkl0osjr9YCc
Score

8^/10

bootkit persistence
- Sets DLL path for service in the registry
  persistence
- Deletes itself
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2