94205d32e9a58542581895827520743b96d9111cf5012c006ad74e7da5473e83 | Triage

Sharing

General

Target

94205d32e9a58542581895827520743b96d9111cf5012c006ad74e7da5473e83
Size

2.0MB
Sample

221128-f496nahd88
MD5

4dadc73eb13e6a60dc6435de928c1a88
SHA1

a9d48748892e57d1fd31da75e65e17de7aa84762
SHA256

94205d32e9a58542581895827520743b96d9111cf5012c006ad74e7da5473e83
SHA512

57a18eb52ae7c949f1bb2cb0014c4819e11a4e34205929bed11872bb640cbd317979b020bf5c1c9ccf7ce247a91ac11a8e8681bcb281edbdf5a54df8af63f14c
SSDEEP

49152:RAhJsXnBgNmY7reOga4JNUiAEzFbVoJC4BRzVTLBOs:GJdNmY7rGh7zJJu/RzNBOs

Score

7^/10

bootkit evasion persistence

Malware Config

Targets

- Target
  
  94205d32e9a58542581895827520743b96d9111cf5012c006ad74e7da5473e83
- Size
  
  2.0MB
- MD5
  
  4dadc73eb13e6a60dc6435de928c1a88
- SHA1
  
  a9d48748892e57d1fd31da75e65e17de7aa84762
- SHA256
  
  94205d32e9a58542581895827520743b96d9111cf5012c006ad74e7da5473e83
- SHA512
  
  57a18eb52ae7c949f1bb2cb0014c4819e11a4e34205929bed11872bb640cbd317979b020bf5c1c9ccf7ce247a91ac11a8e8681bcb281edbdf5a54df8af63f14c
- SSDEEP
  
  49152:RAhJsXnBgNmY7reOga4JNUiAEzFbVoJC4BRzVTLBOs:GJdNmY7rGh7zJJu/RzNBOs
Score

7^/10

bootkit evasion persistence
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistence

behavioral2