37e66c97969d6d352736b225aeaf0302f4e8f9a859e8123171427ec37494a665 | Triage

Sharing

General

Target

37e66c97969d6d352736b225aeaf0302f4e8f9a859e8123171427ec37494a665
Size

338KB
Sample

221003-nf2tdadee4
MD5

6306073c8c7b8170ee034e0a3d4f6f59
SHA1

be45f6216f83219da60fd1be40ce57506ca0a092
SHA256

37e66c97969d6d352736b225aeaf0302f4e8f9a859e8123171427ec37494a665
SHA512

253ee47b479b9afa1fd5af7bcca570efd5446027db545c0a0036ba3625fd2ae9de9941ddbff6a3a2083bcda819cebd5dc0acb43e5598c2997e325ac840fd3990
SSDEEP

6144:eshYsGeQndFsux59NNUF1oY6u48xVVSGAfMMH2EjM:GJeQnzsuRvm1zOaQfq6M

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  37e66c97969d6d352736b225aeaf0302f4e8f9a859e8123171427ec37494a665
- Size
  
  338KB
- MD5
  
  6306073c8c7b8170ee034e0a3d4f6f59
- SHA1
  
  be45f6216f83219da60fd1be40ce57506ca0a092
- SHA256
  
  37e66c97969d6d352736b225aeaf0302f4e8f9a859e8123171427ec37494a665
- SHA512
  
  253ee47b479b9afa1fd5af7bcca570efd5446027db545c0a0036ba3625fd2ae9de9941ddbff6a3a2083bcda819cebd5dc0acb43e5598c2997e325ac840fd3990
- SSDEEP
  
  6144:eshYsGeQndFsux59NNUF1oY6u48xVVSGAfMMH2EjM:GJeQnzsuRvm1zOaQfq6M
Score

8^/10

bootkit persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence