c2b25ce1681b85c91b5e28075f1c7d9903630c167e5b4aa5d8bb1f6bf5b829b7 | Triage

Sharing

General

Target

c2b25ce1681b85c91b5e28075f1c7d9903630c167e5b4aa5d8bb1f6bf5b829b7
Size

432KB
Sample

221003-n8cd7aegdp
MD5

4e19b670b3bc0e01f0cc7b0ce614228b
SHA1

0583e12b60b79a82273f57886eff57224332151e
SHA256

c2b25ce1681b85c91b5e28075f1c7d9903630c167e5b4aa5d8bb1f6bf5b829b7
SHA512

ed682f79728c73b64a93f8520e098fa2b9980f587f0ade888b529119e1a97d22d714d002a95c352bb6e9170cfc8e08310c7273734f62fbd1f956b5fed29a5d6f
SSDEEP

12288:VHz7hkIQlAZ+k5lPOYimk7uU2SNmlTBHZYK:VHUlA35lWYiiU2uO/

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  c2b25ce1681b85c91b5e28075f1c7d9903630c167e5b4aa5d8bb1f6bf5b829b7
- Size
  
  432KB
- MD5
  
  4e19b670b3bc0e01f0cc7b0ce614228b
- SHA1
  
  0583e12b60b79a82273f57886eff57224332151e
- SHA256
  
  c2b25ce1681b85c91b5e28075f1c7d9903630c167e5b4aa5d8bb1f6bf5b829b7
- SHA512
  
  ed682f79728c73b64a93f8520e098fa2b9980f587f0ade888b529119e1a97d22d714d002a95c352bb6e9170cfc8e08310c7273734f62fbd1f956b5fed29a5d6f
- SSDEEP
  
  12288:VHz7hkIQlAZ+k5lPOYimk7uU2SNmlTBHZYK:VHUlA35lWYiiU2uO/
Score

8^/10

bootkit persistence
- Blocklisted process makes network request
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence