f5508c57f116baf22d0e1a8114d85797565f09571103a3af1cc12b3ce790364e | Triage

Sharing

General

Target

f5508c57f116baf22d0e1a8114d85797565f09571103a3af1cc12b3ce790364e
Size

371KB
Sample

221004-ds5qpaaec3
MD5

61b6d64f7ca14f2bba31c68f10c3cd20
SHA1

2b792503db2cbca825c9a782fff9728a3d080e13
SHA256

f5508c57f116baf22d0e1a8114d85797565f09571103a3af1cc12b3ce790364e
SHA512

4b96c66705b9867f7872b1720fa09c35eebf744148663e1a3540bf6d371c6c5219f7d8554527330df7d24a8571c1b7c98a9ee55bf7cc42224668c3439e85d96a
SSDEEP

6144:4cTsPrjFXNlkArqecU3KmeBKahiom7EIrIczmyHfsip+rGf8xxrKDRwv2o7:4cTs99jKUheBKah2EOX/FktKE2G

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  f5508c57f116baf22d0e1a8114d85797565f09571103a3af1cc12b3ce790364e
- Size
  
  371KB
- MD5
  
  61b6d64f7ca14f2bba31c68f10c3cd20
- SHA1
  
  2b792503db2cbca825c9a782fff9728a3d080e13
- SHA256
  
  f5508c57f116baf22d0e1a8114d85797565f09571103a3af1cc12b3ce790364e
- SHA512
  
  4b96c66705b9867f7872b1720fa09c35eebf744148663e1a3540bf6d371c6c5219f7d8554527330df7d24a8571c1b7c98a9ee55bf7cc42224668c3439e85d96a
- SSDEEP
  
  6144:4cTsPrjFXNlkArqecU3KmeBKahiom7EIrIczmyHfsip+rGf8xxrKDRwv2o7:4cTs99jKUheBKah2EOX/FktKE2G
Score

7^/10

persistence bootkit
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bootkitpersistence