Overview

overview

10

Static

static

799be6eb66...f1.exe

windows7-x64

6

799be6eb66...f1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    799be6eb668352d03421bbc212d4b12b89ed67f2d309a2992f48a391f28958f1

  • Size

    333KB

  • Sample

    221003-ekn9eagegm

  • MD5

    42f619451c2887be1a4217dbd90e6772

  • SHA1

    1cee18eba1fcfe5bf4e65b163d63bf9be1dd0ee8

  • SHA256

    799be6eb668352d03421bbc212d4b12b89ed67f2d309a2992f48a391f28958f1

  • SHA512

    da9d36e66bb7304d0da06a577b0f81ee0ba8a42eb665455442ba3787ade01652a28b0e5a2c3b3627615bc4549c801d40b52faaec310f08540100e848756bb4ed

  • SSDEEP

    6144:nzm01fxxOUCjMOczWjRSvnVW5GJZ2tNYLj8MfsBB+2AnvUhFGM:ny03fVzYKj86s3+2dp

Score
10/10
bootkitevasionpersistence

Malware Config

Targets

    • Target

      799be6eb668352d03421bbc212d4b12b89ed67f2d309a2992f48a391f28958f1

    • Size

      333KB

    • MD5

      42f619451c2887be1a4217dbd90e6772

    • SHA1

      1cee18eba1fcfe5bf4e65b163d63bf9be1dd0ee8

    • SHA256

      799be6eb668352d03421bbc212d4b12b89ed67f2d309a2992f48a391f28958f1

    • SHA512

      da9d36e66bb7304d0da06a577b0f81ee0ba8a42eb665455442ba3787ade01652a28b0e5a2c3b3627615bc4549c801d40b52faaec310f08540100e848756bb4ed

    • SSDEEP

      6144:nzm01fxxOUCjMOczWjRSvnVW5GJZ2tNYLj8MfsBB+2AnvUhFGM:ny03fVzYKj86s3+2dp

    Score
    10/10
    bootkitpersistenceevasion

    • Modifies firewall policy service

      evasion

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks