Overview

overview

8

Static

static

2681f978a4...8a.exe

windows7-x64

8

2681f978a4...8a.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2681f978a4f13d6b1f008a884870c3c31273d342dd1fce101a2f6071af30048a

  • Size

    2.1MB

  • Sample

    221125-1zr5haab93

  • MD5

    8ab0b7e54c5aa0674a18f16888a306c1

  • SHA1

    5115484309463172d7dec935b5837b8c21f8d10f

  • SHA256

    2681f978a4f13d6b1f008a884870c3c31273d342dd1fce101a2f6071af30048a

  • SHA512

    3c2963b08d386abaef7877a88b81045dfa1646589293e8096c30094d474dd17b8b6a2acbb0e64f0e3433d131d4b6c99489172e0c781da242d0b39fc329b7bad1

  • SSDEEP

    49152:8huWMIeqinlXyhnqFZKd/vODDDDDDDDDvxr:NVIeLn1yhqzKtODDDDDDDDDvxr

Score
8/10
bootkitpersistence

Malware Config

Targets

    • Target

      2681f978a4f13d6b1f008a884870c3c31273d342dd1fce101a2f6071af30048a

    • Size

      2.1MB

    • MD5

      8ab0b7e54c5aa0674a18f16888a306c1

    • SHA1

      5115484309463172d7dec935b5837b8c21f8d10f

    • SHA256

      2681f978a4f13d6b1f008a884870c3c31273d342dd1fce101a2f6071af30048a

    • SHA512

      3c2963b08d386abaef7877a88b81045dfa1646589293e8096c30094d474dd17b8b6a2acbb0e64f0e3433d131d4b6c99489172e0c781da242d0b39fc329b7bad1

    • SSDEEP

      49152:8huWMIeqinlXyhnqFZKd/vODDDDDDDDDvxr:NVIeLn1yhqzKtODDDDDDDDDvxr

    Score
    8/10
    bootkitpersistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks