14826656abcdeb4ac0a284943fc22aea914600268c920f4c850d246164cc26ef | Triage

Sharing

General

Target

14826656abcdeb4ac0a284943fc22aea914600268c920f4c850d246164cc26ef
Size

849KB
Sample

221123-saetwadg61
MD5

6b524333b71606255c62d4ec42736138
SHA1

bceaf9c5d506e0a59a3080bd07461c51cdeec684
SHA256

14826656abcdeb4ac0a284943fc22aea914600268c920f4c850d246164cc26ef
SHA512

7c64cc3a5bfaaf8b549b915f424d58c90b906d7c81670b2e5e7fd464cf03e2c5f4f092085bec80bc2b41b6ed6d7fa16d7df20adadb5779a01728bfc5af25e6be
SSDEEP

24576:zp3fle1HzaqZSX1Ql20e6YYHV/oaLHJB/PxoDv:zJs5aqZSX1rD6LJL3Pg

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  14826656abcdeb4ac0a284943fc22aea914600268c920f4c850d246164cc26ef
- Size
  
  849KB
- MD5
  
  6b524333b71606255c62d4ec42736138
- SHA1
  
  bceaf9c5d506e0a59a3080bd07461c51cdeec684
- SHA256
  
  14826656abcdeb4ac0a284943fc22aea914600268c920f4c850d246164cc26ef
- SHA512
  
  7c64cc3a5bfaaf8b549b915f424d58c90b906d7c81670b2e5e7fd464cf03e2c5f4f092085bec80bc2b41b6ed6d7fa16d7df20adadb5779a01728bfc5af25e6be
- SSDEEP
  
  24576:zp3fle1HzaqZSX1Ql20e6YYHV/oaLHJB/PxoDv:zJs5aqZSX1rD6LJL3Pg
Score

6^/10

bootkit persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence