d66a933ebcebd6da186a8ba41f271a1c638beaf81f460ae7ba1942e489e6b5c0 | Triage

Sharing

General

Target

d66a933ebcebd6da186a8ba41f271a1c638beaf81f460ae7ba1942e489e6b5c0
Size

645KB
Sample

221125-eqp3wsdh8y
MD5

7cec5312dcd7a1884b50c0d221f8875b
SHA1

e0a330037a8b371d3839e541a3a5ecbb0186f755
SHA256

d66a933ebcebd6da186a8ba41f271a1c638beaf81f460ae7ba1942e489e6b5c0
SHA512

3caa1ee375e36805e8f38d4e46c5d8d8f2f97f2772d85e5cc61c228f5c7f788ef82b9a81d0ff604d6799ab3743258cc7bc4deaf1a40e76c6f33c3a1d331c81cc
SSDEEP

12288:BShXV5wGcqGXVLsOAWOsn7LyPcCyIjX1iHYf6b7MP+Dd22:B0cfqGlLsOAXS7Uym1iX7MP+h22

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  d66a933ebcebd6da186a8ba41f271a1c638beaf81f460ae7ba1942e489e6b5c0
- Size
  
  645KB
- MD5
  
  7cec5312dcd7a1884b50c0d221f8875b
- SHA1
  
  e0a330037a8b371d3839e541a3a5ecbb0186f755
- SHA256
  
  d66a933ebcebd6da186a8ba41f271a1c638beaf81f460ae7ba1942e489e6b5c0
- SHA512
  
  3caa1ee375e36805e8f38d4e46c5d8d8f2f97f2772d85e5cc61c228f5c7f788ef82b9a81d0ff604d6799ab3743258cc7bc4deaf1a40e76c6f33c3a1d331c81cc
- SSDEEP
  
  12288:BShXV5wGcqGXVLsOAWOsn7LyPcCyIjX1iHYf6b7MP+Dd22:B0cfqGlLsOAXS7Uym1iX7MP+h22
Score

7^/10

bootkit persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2