0f351ca89e4705c3640697b5b9c0e0f477758643567c5149f545b97a8f1c7f16 | Triage

Submit
Reports

Overview

overview

8

Static

static

0f351ca89e...16.exe

windows7-x64

8

0f351ca89e...16.exe

windows10-2004-x64

8

Sharing

General

Target

0f351ca89e4705c3640697b5b9c0e0f477758643567c5149f545b97a8f1c7f16
Size

823KB
Sample

221030-tgnwsshbe6
MD5

834152587ef04320c3772fb99cf69765
SHA1

049994a1be4d9a8fe54d8b1d949d6f8927174087
SHA256

0f351ca89e4705c3640697b5b9c0e0f477758643567c5149f545b97a8f1c7f16
SHA512

27430951f5f4f86ab13c4b0ea3e68c5561768555edc7c650856f84cb11f2d38cd7276a34f67817a54eeacb7412f80e8bf44c9e6ee546edfa52bf5827f472146e
SSDEEP

24576:M54eD+kxjqxpBkWOGfNtzoLgEqGawppAe:M54M72xpGWO0gtvpq

Score

8^/10

bootkit persistence

Static task

static1

Behavioral task

behavioral1

Sample

0f351ca89e4705c3640697b5b9c0e0f477758643567c5149f545b97a8f1c7f16.exe

Resource

win7-20220812-en

bootkit persistence

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

0f351ca89e4705c3640697b5b9c0e0f477758643567c5149f545b97a8f1c7f16.exe

Resource

win10v2004-20220901-en

bootkit persistence

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  0f351ca89e4705c3640697b5b9c0e0f477758643567c5149f545b97a8f1c7f16
- Size
  
  823KB
- MD5
  
  834152587ef04320c3772fb99cf69765
- SHA1
  
  049994a1be4d9a8fe54d8b1d949d6f8927174087
- SHA256
  
  0f351ca89e4705c3640697b5b9c0e0f477758643567c5149f545b97a8f1c7f16
- SHA512
  
  27430951f5f4f86ab13c4b0ea3e68c5561768555edc7c650856f84cb11f2d38cd7276a34f67817a54eeacb7412f80e8bf44c9e6ee546edfa52bf5827f472146e
- SSDEEP
  
  24576:M54eD+kxjqxpBkWOGfNtzoLgEqGawppAe:M54M72xpGWO0gtvpq
Score

8^/10

bootkit persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence

© 2018-2025

Terms | Privacy