ef8c7f72e23cc6e38068566ca80bd2d395266e26c263551988d9c920b1d04845 | Triage

Sharing

General

Target

ef8c7f72e23cc6e38068566ca80bd2d395266e26c263551988d9c920b1d04845
Size

624KB
Sample

221125-2gnvsseg3x
MD5

c3201abf7146ab685f4ecb118036f020
SHA1

a0d0341530fede0c3e25d4bb050ceca72cf836f8
SHA256

ef8c7f72e23cc6e38068566ca80bd2d395266e26c263551988d9c920b1d04845
SHA512

40e8479c251355db393da589b6b306d690e02629391ff84747d38f4fc465cb2207f4fe6bfff872f67f86fac0e7fe6b6273a1bd5bc6bf1db30e0ba2ee6cbd0461
SSDEEP

12288:JPHtLcahfnqx6P3zal/J7ZSIVvY44/N7gkW74/msTIlTL:JPHtBYUzawIVvYddI4us

Score

8^/10

aspackv2 bootkit persistence

Malware Config

Targets

- Target
  
  ef8c7f72e23cc6e38068566ca80bd2d395266e26c263551988d9c920b1d04845
- Size
  
  624KB
- MD5
  
  c3201abf7146ab685f4ecb118036f020
- SHA1
  
  a0d0341530fede0c3e25d4bb050ceca72cf836f8
- SHA256
  
  ef8c7f72e23cc6e38068566ca80bd2d395266e26c263551988d9c920b1d04845
- SHA512
  
  40e8479c251355db393da589b6b306d690e02629391ff84747d38f4fc465cb2207f4fe6bfff872f67f86fac0e7fe6b6273a1bd5bc6bf1db30e0ba2ee6cbd0461
- SSDEEP
  
  12288:JPHtLcahfnqx6P3zal/J7ZSIVvY44/N7gkW74/msTIlTL:JPHtBYUzawIVvYddI4us
Score

6^/10

bootkit persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence