02190c5e84d7e7b3866816742f5258fbea919c2cbe581a04b7013b9bdddc565a | Triage

Submit
Reports

Overview

overview

8

Static

static

511AM.png

windows10-1703-x64

8

Resubmissions

19-11-2022 16:53

221119-vefm3sbe39 8

19-11-2022 16:41

221119-t7bddsbb32 8

Sharing

General

Target

511AM.PNG
Size

966B
Sample

221119-t7bddsbb32
MD5

5c51a8836f1c31af4517ff739cb3e7fa
SHA1

49af67355378b659a38686c6b02e7de32915a1f8
SHA256

02190c5e84d7e7b3866816742f5258fbea919c2cbe581a04b7013b9bdddc565a
SHA512

9cd3a607d9c9ad59f63c983a20fd8a8eb1565700cb06b8f3bf162565fece8bf7363cac6e953fd9f1b1bdf5cdb799486ace5180fbabbab69fdc4cc24d06980bda

Score

8^/10

bootkit discovery evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

511AM.png

Resource

win10-20220812-en

bootkit discovery evasion persistence

windows10-1703-x64

24 signatures

1800 seconds

Malware Config

Targets

- Target
  
  511AM.PNG
- Size
  
  966B
- MD5
  
  5c51a8836f1c31af4517ff739cb3e7fa
- SHA1
  
  49af67355378b659a38686c6b02e7de32915a1f8
- SHA256
  
  02190c5e84d7e7b3866816742f5258fbea919c2cbe581a04b7013b9bdddc565a
- SHA512
  
  9cd3a607d9c9ad59f63c983a20fd8a8eb1565700cb06b8f3bf162565fece8bf7363cac6e953fd9f1b1bdf5cdb799486ace5180fbabbab69fdc4cc24d06980bda
Score

8^/10

bootkit discovery evasion persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Bootkit

Hidden Files and Directories

Privilege Escalation

Defense Evasion

File Permissions Modification

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistence

© 2018-2024

Terms | Privacy