6efdc0a3367a348198417ebd98da315e0b62a61ecdb8f0218f386db144f6cc4a | Triage

Submit
Reports

Overview

overview

8

Static

static

6efdc0a336...4a.exe

windows7-x64

6

6efdc0a336...4a.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

6efdc0a3367a348198417ebd98da315e0b62a61ecdb8f0218f386db144f6cc4a
Size

824KB
Sample

221129-jxjxnsdh6y
MD5

11c3576901520e1ce86850e9725f9800
SHA1

d4a302a5c3a2f92c31b05e005dd30edfe62f2f3a
SHA256

6efdc0a3367a348198417ebd98da315e0b62a61ecdb8f0218f386db144f6cc4a
SHA512

b90e8edcc5640776f92e9a8e78c7069e8ab4f428c7d50755d2f6a2f8ad66faaaf1c827a5d112c2283da5e611ac64aac5e61565c0297573af8eaabc4cfedaef55
SSDEEP

12288:evQtmixg/Q6A6Bg7/oEQLcv5fYjEfYG675m8QmXt0+JC/NBb5VxEAhvD7LQ8H+6d:TtmE6NBwAEQLcvG4YR7OoeCAhHLQav

Score

8^/10

bootkit persistence

Static task

static1

Behavioral task

behavioral1

Sample

6efdc0a3367a348198417ebd98da315e0b62a61ecdb8f0218f386db144f6cc4a.exe

Resource

win7-20220812-en

bootkit persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

6efdc0a3367a348198417ebd98da315e0b62a61ecdb8f0218f386db144f6cc4a.exe

Resource

win10v2004-20220901-en

bootkit persistence

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  6efdc0a3367a348198417ebd98da315e0b62a61ecdb8f0218f386db144f6cc4a
- Size
  
  824KB
- MD5
  
  11c3576901520e1ce86850e9725f9800
- SHA1
  
  d4a302a5c3a2f92c31b05e005dd30edfe62f2f3a
- SHA256
  
  6efdc0a3367a348198417ebd98da315e0b62a61ecdb8f0218f386db144f6cc4a
- SHA512
  
  b90e8edcc5640776f92e9a8e78c7069e8ab4f428c7d50755d2f6a2f8ad66faaaf1c827a5d112c2283da5e611ac64aac5e61565c0297573af8eaabc4cfedaef55
- SSDEEP
  
  12288:evQtmixg/Q6A6Bg7/oEQLcv5fYjEfYG675m8QmXt0+JC/NBb5VxEAhvD7LQ8H+6d:TtmE6NBwAEQLcvG4YR7OoeCAhHLQav
Score

8^/10

bootkit persistence
- Modifies Installed Components in the registry
  persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence

© 2018-2025

Terms | Privacy