5e1e21f19f72bc4d092c5e1bbaf60f143193c8230a894a70b1e15e6fcc5c55e9 | Triage

Sharing

General

Target

5e1e21f19f72bc4d092c5e1bbaf60f143193c8230a894a70b1e15e6fcc5c55e9
Size

2.5MB
Sample

221125-lfvzqagb22
MD5

8e5a651d0b0c4088a4e34ac9091c05d7
SHA1

6033b7c8fb7ebd6176a98d09cd2ee0afa1fe5cb7
SHA256

5e1e21f19f72bc4d092c5e1bbaf60f143193c8230a894a70b1e15e6fcc5c55e9
SHA512

a47599c15ce45a678e35d6e8b4a486208d867e5e7af4b5d29e2d4d210b51e0f4d3607fd0762fa20bf1b0c9a926fdc26d9253c4a55efae40bb0dc2db0ca9bc376
SSDEEP

49152:tVPOE69onqxGYOP00L1KqQYwH5wfUaqXuY1v:UGqEP00AqQX5XLXuY1v

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  5e1e21f19f72bc4d092c5e1bbaf60f143193c8230a894a70b1e15e6fcc5c55e9
- Size
  
  2.5MB
- MD5
  
  8e5a651d0b0c4088a4e34ac9091c05d7
- SHA1
  
  6033b7c8fb7ebd6176a98d09cd2ee0afa1fe5cb7
- SHA256
  
  5e1e21f19f72bc4d092c5e1bbaf60f143193c8230a894a70b1e15e6fcc5c55e9
- SHA512
  
  a47599c15ce45a678e35d6e8b4a486208d867e5e7af4b5d29e2d4d210b51e0f4d3607fd0762fa20bf1b0c9a926fdc26d9253c4a55efae40bb0dc2db0ca9bc376
- SSDEEP
  
  49152:tVPOE69onqxGYOP00L1KqQYwH5wfUaqXuY1v:UGqEP00AqQX5XLXuY1v
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence