aa7a60de604040120304e4633eadd65e2d2d9b1872ee3fd7e06120ba493fb068 | Triage

Sharing

General

Target

aa7a60de604040120304e4633eadd65e2d2d9b1872ee3fd7e06120ba493fb068
Size

3.7MB
Sample

221125-qf7qqsdf2y
MD5

219b86401b49248e1855460d7930256a
SHA1

156dedbe4bc055055da9e7e356545531c196c83f
SHA256

aa7a60de604040120304e4633eadd65e2d2d9b1872ee3fd7e06120ba493fb068
SHA512

79f0cab9f0172cb8eaed1da2c23a26ed04ea6382fabaec273acb48086feba216ff614465d698e14a4387d4785ad706f16dba86da7320acf91d3319af9d92bd68
SSDEEP

98304:dm+9vwQ0OrAYvZhw6g11r7n+m5pQhXeMpBGYhkA:1vwkrAS7whjPt5yfpBGY+

Score

8^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  aa7a60de604040120304e4633eadd65e2d2d9b1872ee3fd7e06120ba493fb068
- Size
  
  3.7MB
- MD5
  
  219b86401b49248e1855460d7930256a
- SHA1
  
  156dedbe4bc055055da9e7e356545531c196c83f
- SHA256
  
  aa7a60de604040120304e4633eadd65e2d2d9b1872ee3fd7e06120ba493fb068
- SHA512
  
  79f0cab9f0172cb8eaed1da2c23a26ed04ea6382fabaec273acb48086feba216ff614465d698e14a4387d4785ad706f16dba86da7320acf91d3319af9d92bd68
- SSDEEP
  
  98304:dm+9vwQ0OrAYvZhw6g11r7n+m5pQhXeMpBGYhkA:1vwkrAS7whjPt5yfpBGY+
Score

8^/10

bootkit discovery persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitpersistence