cc794417a1ea7304185eb15fd5df4acedf7be20a2d053780552b17acc4ea960c | Triage

Sharing

General

Target

cc794417a1ea7304185eb15fd5df4acedf7be20a2d053780552b17acc4ea960c
Size

645KB
Sample

221123-vntajahe57
MD5

550fbcd1774a4f27495f6b629d24057a
SHA1

41fee316aae8c639e2b90013cabad4ec133c7fc0
SHA256

cc794417a1ea7304185eb15fd5df4acedf7be20a2d053780552b17acc4ea960c
SHA512

bba4b5a6d704541f62aa7a271a3007f1fbecda487ec664101b034964ad826d5fcada4a9d355ed94543f039e5b71d8848b2c9210f99cca790b116327294e860a1
SSDEEP

12288:eRRbwLC2zgOEntneFQxalV36HmQTvtYUYIGCw/8PT4gwDG3Kgt7o9:wMn0OE5SV36rTms13JK9

Score

10^/10

bootkit evasion persistence

Malware Config

Targets

- Target
  
  cc794417a1ea7304185eb15fd5df4acedf7be20a2d053780552b17acc4ea960c
- Size
  
  645KB
- MD5
  
  550fbcd1774a4f27495f6b629d24057a
- SHA1
  
  41fee316aae8c639e2b90013cabad4ec133c7fc0
- SHA256
  
  cc794417a1ea7304185eb15fd5df4acedf7be20a2d053780552b17acc4ea960c
- SHA512
  
  bba4b5a6d704541f62aa7a271a3007f1fbecda487ec664101b034964ad826d5fcada4a9d355ed94543f039e5b71d8848b2c9210f99cca790b116327294e860a1
- SSDEEP
  
  12288:eRRbwLC2zgOEntneFQxalV36HmQTvtYUYIGCw/8PT4gwDG3Kgt7o9:wMn0OE5SV36rTms13JK9
Score

10^/10

bootkit evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistence

behavioral2

bootkitpersistence