192f765b8587cccf2bc7e9d4622315c0c2e39bc5988592ba50b2c92c41c5a5bc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

192f765b8587cccf2bc7e9d4622315c0c2e39bc5988592ba50b2c92c41c5a5bc
Size

830KB
Sample

221201-g8pwysfh3v
MD5

56a142a6ab58013b03ccd03374d66c20
SHA1

24c7d6699480eeecf5400de56ba84cb2e45379df
SHA256

192f765b8587cccf2bc7e9d4622315c0c2e39bc5988592ba50b2c92c41c5a5bc
SHA512

94b084a300a72430879d0c0cb00c4bc594599be70e4409dcf7f1294290f83591618dcedabdd31484e0cf5f906c33f9129cbc71e1d1186dc42739f05096eb49fd
SSDEEP

24576:ojC5aJlIXd1U9eYjSjL/DSPWmeEeaoT2:ojCoJmN60YjSn/Ou+eaoT2

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  192f765b8587cccf2bc7e9d4622315c0c2e39bc5988592ba50b2c92c41c5a5bc
- Size
  
  830KB
- MD5
  
  56a142a6ab58013b03ccd03374d66c20
- SHA1
  
  24c7d6699480eeecf5400de56ba84cb2e45379df
- SHA256
  
  192f765b8587cccf2bc7e9d4622315c0c2e39bc5988592ba50b2c92c41c5a5bc
- SHA512
  
  94b084a300a72430879d0c0cb00c4bc594599be70e4409dcf7f1294290f83591618dcedabdd31484e0cf5f906c33f9129cbc71e1d1186dc42739f05096eb49fd
- SSDEEP
  
  24576:ojC5aJlIXd1U9eYjSjL/DSPWmeEeaoT2:ojCoJmN60YjSn/Ou+eaoT2
Score

6^/10

bootkit persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence