6da6eb6027f873f383654ba4179907ed51975c7e6fd9a3e3f65b03f3bf6f1ce6 | Triage

Sharing

General

Target

6da6eb6027f873f383654ba4179907ed51975c7e6fd9a3e3f65b03f3bf6f1ce6
Size

960KB
Sample

221003-nl1hhadgd5
MD5

6e5bd41066e5bf42545ab411b8d691d0
SHA1

203cb305d2c3da7a8cf3a578a5b32f1aab0a868a
SHA256

6da6eb6027f873f383654ba4179907ed51975c7e6fd9a3e3f65b03f3bf6f1ce6
SHA512

ff989f1748ffdd572eaff67cfc354f0b3d256e1ad42c30cfb3981989b145ffb3886b27a565341815679adf24f2959c3ac194bafe8b9b48bf757f9acf8a20cb03
SSDEEP

24576:rB/Z9arRbSnCS/ZmExYaEsAGSTU9twGTdK8kUu1hLMuK:hCFbSCSIEiLsA+92udK8bKPK

Score

8^/10

bootkit evasion persistence trojan

Malware Config

Targets

- Target
  
  6da6eb6027f873f383654ba4179907ed51975c7e6fd9a3e3f65b03f3bf6f1ce6
- Size
  
  960KB
- MD5
  
  6e5bd41066e5bf42545ab411b8d691d0
- SHA1
  
  203cb305d2c3da7a8cf3a578a5b32f1aab0a868a
- SHA256
  
  6da6eb6027f873f383654ba4179907ed51975c7e6fd9a3e3f65b03f3bf6f1ce6
- SHA512
  
  ff989f1748ffdd572eaff67cfc354f0b3d256e1ad42c30cfb3981989b145ffb3886b27a565341815679adf24f2959c3ac194bafe8b9b48bf757f9acf8a20cb03
- SSDEEP
  
  24576:rB/Z9arRbSnCS/ZmExYaEsAGSTU9twGTdK8kUu1hLMuK:hCFbSCSIEiLsA+92udK8bKPK
Score

8^/10

bootkit evasion persistence trojan
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitevasionpersistencetrojan

behavioral2

bootkitevasionpersistencetrojan