4e1848f1f0cb0e785b8a834051a2d97e81e7bf287a532c73c6118da43ba46f2b | Triage

Resubmissions

03-10-2022 08:06

221003-jzwn9aedd9 6

03-10-2022 08:04

221003-jyqrlsech6 1

Sharing

General

Target

DiskGenius.exe.7z
Size

17.1MB
Sample

221003-jzwn9aedd9
MD5

91601ccf1c206f1d87b7158f4ca30bd5
SHA1

ce426f9673fee3bd285e2f8883494dc67d17fc05
SHA256

4e1848f1f0cb0e785b8a834051a2d97e81e7bf287a532c73c6118da43ba46f2b
SHA512

8a9a2f892e11d014d18fa1a799f0a26c8410df046609525e06304dacf1679de7584def657f2cb6323165e8dcdddb1ca63a98b02912dec2b68fc14277bc8866a2
SSDEEP

393216:p5BIfMAgbmsgVjiQWTQvYClni89hIDz84fqH9XxZLNR:pEfMDbFMYYniCiM4fqHh

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  DiskGenius.exe
- Size
  
  27.0MB
- MD5
  
  a20ee95a97f752220dedbc6ecbe440e7
- SHA1
  
  221a00d0fff19b8ba17a38b14684ca3c5c0ff49b
- SHA256
  
  47b03540bedfa374a38d1aa9276a1e2e6201d1149e488614e700ce7df67c7279
- SHA512
  
  b56710d898d1e8eda12114581cce2008b183e40f875dddc43a63e4b1f8c9153ef66436e2d1f8cb3546f4ff04a615f911e922ab63af02b87f448a5611e7cad0ab
- SSDEEP
  
  786432:dVgPf4MiH1bhA0hccZmtT7LVvVjiWKv9nOxrmU32n/uSaQoy0urpRvpSkhASjIT:XgX4nVhccZ6bx09nOxrmU32n/uSaQoya
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence