903c6a71d2805be4673824017bdea8af89f9a2cf0a8b749dfd7397e622ffdfbe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

903c6a71d2805be4673824017bdea8af89f9a2cf0a8b749dfd7397e622ffdfbe
Size

174KB
Sample

221202-wlmweaaf42
MD5

e2bb9debf33967fdbdcf4d77f7bd268b
SHA1

37e6cd4aa8e60d7ce7dae8d28823c5cc069e7e20
SHA256

903c6a71d2805be4673824017bdea8af89f9a2cf0a8b749dfd7397e622ffdfbe
SHA512

ff85238a2eeff28a7f34cd0d58a13e40aed46966bd97778281d8dc53ff6a0d7379172f0d44a1c45177ad14b2d4255720c33d79a1f73cb5c8c9ac9299819f3caf
SSDEEP

3072:/3E3I2uOiBgsvKLqDHEFwKSxTjYnNG8CmmG4tcb90UuhU89di1cFR8:/U3Bu7KsjHEF/CTYG8CmmG4o0U0bi6FR

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  903c6a71d2805be4673824017bdea8af89f9a2cf0a8b749dfd7397e622ffdfbe
- Size
  
  174KB
- MD5
  
  e2bb9debf33967fdbdcf4d77f7bd268b
- SHA1
  
  37e6cd4aa8e60d7ce7dae8d28823c5cc069e7e20
- SHA256
  
  903c6a71d2805be4673824017bdea8af89f9a2cf0a8b749dfd7397e622ffdfbe
- SHA512
  
  ff85238a2eeff28a7f34cd0d58a13e40aed46966bd97778281d8dc53ff6a0d7379172f0d44a1c45177ad14b2d4255720c33d79a1f73cb5c8c9ac9299819f3caf
- SSDEEP
  
  3072:/3E3I2uOiBgsvKLqDHEFwKSxTjYnNG8CmmG4tcb90UuhU89di1cFR8:/U3Bu7KsjHEF/CTYG8CmmG4o0U0bi6FR
Score

7^/10

bootkit persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence