66ebad26aa10a9d86bb425537d045120b2a97f5b70a52d6e076eca4f80125112 | Triage

Sharing

General

Target

66ebad26aa10a9d86bb425537d045120b2a97f5b70a52d6e076eca4f80125112
Size

268KB
Sample

221003-d7pysaeeh2
MD5

6073612d852f8f91aeb04a34f8d908f0
SHA1

366d17baf3a6886c62c091e72c4c3839b2a735f0
SHA256

66ebad26aa10a9d86bb425537d045120b2a97f5b70a52d6e076eca4f80125112
SHA512

820873df9f16ff58221b0173e921768a94d690f8ddd37f2890819a2dfa735648196dc01f0e7c928164f2ef60cb48597ce73c9108cdd576dfc7c9a7da018b683b
SSDEEP

3072:CaRlPjy5E3RSVUy7vxoWhd3AebHcO8oBh4O4O9w2BzCKPKmUcj:TbwEBSVD7WWXwebHTB6O4Wdfacj

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  66ebad26aa10a9d86bb425537d045120b2a97f5b70a52d6e076eca4f80125112
- Size
  
  268KB
- MD5
  
  6073612d852f8f91aeb04a34f8d908f0
- SHA1
  
  366d17baf3a6886c62c091e72c4c3839b2a735f0
- SHA256
  
  66ebad26aa10a9d86bb425537d045120b2a97f5b70a52d6e076eca4f80125112
- SHA512
  
  820873df9f16ff58221b0173e921768a94d690f8ddd37f2890819a2dfa735648196dc01f0e7c928164f2ef60cb48597ce73c9108cdd576dfc7c9a7da018b683b
- SSDEEP
  
  3072:CaRlPjy5E3RSVUy7vxoWhd3AebHcO8oBh4O4O9w2BzCKPKmUcj:TbwEBSVD7WWXwebHTB6O4Wdfacj
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence