39634ed658b2669c3c004ff6ec7c68f0fa2a336f89d60e01cf39eafae7032581 | Triage

Sharing

General

Target

39634ed658b2669c3c004ff6ec7c68f0fa2a336f89d60e01cf39eafae7032581
Size

822KB
Sample

221123-l19cvacg85
MD5

7e578daf23a054e779b0b59b2f32de6f
SHA1

482685ffaa0945642447a872d1c54d35b6b648fe
SHA256

39634ed658b2669c3c004ff6ec7c68f0fa2a336f89d60e01cf39eafae7032581
SHA512

b4d2632b1889f95e1a733be38fa67a6e796027d94dfd814ce40ac7b2128585ab4ca6947c2caa5434f1f1be20ac75f23eb1d268cd561b7e82d14f1775b9bce735
SSDEEP

12288:b9iXUW3nIvx/39bJWAia0/9J4KTZf6dUEZbUF5zypGQHm24DUm:493nq/39bJWZa0/BTt6uE6zzypGU34g

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  39634ed658b2669c3c004ff6ec7c68f0fa2a336f89d60e01cf39eafae7032581
- Size
  
  822KB
- MD5
  
  7e578daf23a054e779b0b59b2f32de6f
- SHA1
  
  482685ffaa0945642447a872d1c54d35b6b648fe
- SHA256
  
  39634ed658b2669c3c004ff6ec7c68f0fa2a336f89d60e01cf39eafae7032581
- SHA512
  
  b4d2632b1889f95e1a733be38fa67a6e796027d94dfd814ce40ac7b2128585ab4ca6947c2caa5434f1f1be20ac75f23eb1d268cd561b7e82d14f1775b9bce735
- SSDEEP
  
  12288:b9iXUW3nIvx/39bJWAia0/9J4KTZf6dUEZbUF5zypGQHm24DUm:493nq/39bJWZa0/BTt6uE6zzypGU34g
Score

6^/10

bootkit persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence