5aa2a4b41857e176fdf1721e7a45b28e7bed8754f9b3f10e7ac5ff8d234cf26a | Triage

Sharing

General

Target

5aa2a4b41857e176fdf1721e7a45b28e7bed8754f9b3f10e7ac5ff8d234cf26a
Size

170KB
Sample

221123-yalv3scd8y
MD5

fc3bdfec5907968cc35af7ed8eb49784
SHA1

2e34767187c03733e07f7882a3490d9bfa1aebd3
SHA256

5aa2a4b41857e176fdf1721e7a45b28e7bed8754f9b3f10e7ac5ff8d234cf26a
SHA512

b7ab999b2d04366de12799a843d06d4971ace3826c6d5194db547cc15437c90ce01ca65a7b9997d7bcf96ec6264f35ef305604a87d3921aba933b9706f51c3af
SSDEEP

3072:ReWfjw5CsqDbgXu6dbrePqNdLn+BvU5clFIW2ZZdYbi9mbF:h85Csq6breAEU5ciW2ZZNy

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  5aa2a4b41857e176fdf1721e7a45b28e7bed8754f9b3f10e7ac5ff8d234cf26a
- Size
  
  170KB
- MD5
  
  fc3bdfec5907968cc35af7ed8eb49784
- SHA1
  
  2e34767187c03733e07f7882a3490d9bfa1aebd3
- SHA256
  
  5aa2a4b41857e176fdf1721e7a45b28e7bed8754f9b3f10e7ac5ff8d234cf26a
- SHA512
  
  b7ab999b2d04366de12799a843d06d4971ace3826c6d5194db547cc15437c90ce01ca65a7b9997d7bcf96ec6264f35ef305604a87d3921aba933b9706f51c3af
- SSDEEP
  
  3072:ReWfjw5CsqDbgXu6dbrePqNdLn+BvU5clFIW2ZZdYbi9mbF:h85Csq6breAEU5ciW2ZZNy
Score

7^/10

bootkit persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence