c1c89e8666c8db2f1fe615868465d6a1f83d71e8138b4dbe4f7258e520337948 | Triage

Sharing

General

Target

c1c89e8666c8db2f1fe615868465d6a1f83d71e8138b4dbe4f7258e520337948
Size

820KB
Sample

221201-ww2sbafc66
MD5

08e821e4c9cca60d66458067c2558760
SHA1

9a34722fdeaff810047fe70f5096689a85275599
SHA256

c1c89e8666c8db2f1fe615868465d6a1f83d71e8138b4dbe4f7258e520337948
SHA512

5c35524497808d819ff23c67feb74c20d5c54832f3522919b2436f9fdb07913e40367096b727383559574f48c7d45c15c2c2587b94d4a9669d1b67f69f6f751b
SSDEEP

24576:ylBWQGEX3nLdZpOqU/SD0MVlzeSMBtUmzGQLl:WDLdZ4n/FeehjUmaQLl

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  c1c89e8666c8db2f1fe615868465d6a1f83d71e8138b4dbe4f7258e520337948
- Size
  
  820KB
- MD5
  
  08e821e4c9cca60d66458067c2558760
- SHA1
  
  9a34722fdeaff810047fe70f5096689a85275599
- SHA256
  
  c1c89e8666c8db2f1fe615868465d6a1f83d71e8138b4dbe4f7258e520337948
- SHA512
  
  5c35524497808d819ff23c67feb74c20d5c54832f3522919b2436f9fdb07913e40367096b727383559574f48c7d45c15c2c2587b94d4a9669d1b67f69f6f751b
- SSDEEP
  
  24576:ylBWQGEX3nLdZpOqU/SD0MVlzeSMBtUmzGQLl:WDLdZ4n/FeehjUmaQLl
Score

6^/10

bootkit persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence