064d473b7ad14eba851626e43b8e9edf51a5c43c1a357780e8bdb6fa2a41b4cf | Triage

Sharing

General

Target

064d473b7ad14eba851626e43b8e9edf51a5c43c1a357780e8bdb6fa2a41b4cf
Size

421KB
Sample

221129-m7zmnafg5y
MD5

cef88c4eb3156742c9865de7275b9890
SHA1

17847f8eb7c5da15b4925102e1bc2702308d5f8b
SHA256

064d473b7ad14eba851626e43b8e9edf51a5c43c1a357780e8bdb6fa2a41b4cf
SHA512

4ef8dee2c5c54df0f1c60fa343a56ae4765e9f1ed65590764bc58cbfc3e3fec0345d8c228f302c9f5a28987dcbd63520e758aedda46226a182650e0022aa3970
SSDEEP

6144:AO/AhcWoi8yw1NJEi1OrEduMuGbzIW4FmNiI8ARVOVQFpCm:AcAhcWotJ1NWvOTuG3WYNAQbCm

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  064d473b7ad14eba851626e43b8e9edf51a5c43c1a357780e8bdb6fa2a41b4cf
- Size
  
  421KB
- MD5
  
  cef88c4eb3156742c9865de7275b9890
- SHA1
  
  17847f8eb7c5da15b4925102e1bc2702308d5f8b
- SHA256
  
  064d473b7ad14eba851626e43b8e9edf51a5c43c1a357780e8bdb6fa2a41b4cf
- SHA512
  
  4ef8dee2c5c54df0f1c60fa343a56ae4765e9f1ed65590764bc58cbfc3e3fec0345d8c228f302c9f5a28987dcbd63520e758aedda46226a182650e0022aa3970
- SSDEEP
  
  6144:AO/AhcWoi8yw1NJEi1OrEduMuGbzIW4FmNiI8ARVOVQFpCm:AcAhcWotJ1NWvOTuG3WYNAQbCm
Score

8^/10

bootkit persistence
- Blocklisted process makes network request
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence