34f45c8c60ab47b517940fe95d7f6ac2c5a668db841b426cec8d8c64d8d5fdb7 | Triage

Sharing

General

Target

34f45c8c60ab47b517940fe95d7f6ac2c5a668db841b426cec8d8c64d8d5fdb7
Size

61KB
Sample

221020-g2b2hshch5
MD5

806a39814a00be8d47d945c10884df0c
SHA1

1573da7e9e237afc2b5f67b5e4cc8b6796dd4fd7
SHA256

34f45c8c60ab47b517940fe95d7f6ac2c5a668db841b426cec8d8c64d8d5fdb7
SHA512

9329d38299f30ab3afc7295f9e95bb9f85d3a6122c3d8c4619cd3f3f64094a2615118a95b6907deeeecaf87c250230b0766e3396474c093a4137c151e7ac87dc
SSDEEP

768:XJrkANtWy6T13GXcda9ZQLkr8fRjj42c6TmYAFaK6x7Ix2uAfLiox613KXJT1Bmj:Fj0ZWOsskrH2GFaK6BiAfLiwXJfF8Ey

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  34f45c8c60ab47b517940fe95d7f6ac2c5a668db841b426cec8d8c64d8d5fdb7
- Size
  
  61KB
- MD5
  
  806a39814a00be8d47d945c10884df0c
- SHA1
  
  1573da7e9e237afc2b5f67b5e4cc8b6796dd4fd7
- SHA256
  
  34f45c8c60ab47b517940fe95d7f6ac2c5a668db841b426cec8d8c64d8d5fdb7
- SHA512
  
  9329d38299f30ab3afc7295f9e95bb9f85d3a6122c3d8c4619cd3f3f64094a2615118a95b6907deeeecaf87c250230b0766e3396474c093a4137c151e7ac87dc
- SSDEEP
  
  768:XJrkANtWy6T13GXcda9ZQLkr8fRjj42c6TmYAFaK6x7Ix2uAfLiox613KXJT1Bmj:Fj0ZWOsskrH2GFaK6BiAfLiwXJfF8Ey
Score

8^/10

bootkit persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence