85e1ecc1992015d6f946a183ceaaf9e022fbcc36bdb2a7fa13bf2337f9c60c38 | Triage

Sharing

General

Target

85e1ecc1992015d6f946a183ceaaf9e022fbcc36bdb2a7fa13bf2337f9c60c38
Size

998KB
Sample

221203-2ab8esee9v
MD5

fd4fa44ae6b548123f7b136fb1811be9
SHA1

426fe9207035c449b6fbd9e25bfeed5550e2bf94
SHA256

85e1ecc1992015d6f946a183ceaaf9e022fbcc36bdb2a7fa13bf2337f9c60c38
SHA512

457ba7a8acb1c0fd28bf143aa548dc8fb918d7edcf44ef83946e63a7ef95d3ba6a85caa49f80028e9f43522b8f62699c2af9794909e63f4391d95607cc70208f
SSDEEP

24576:UeVlmJUzOLgGGDu/DtJvTyHOeF/l43kdz5oy1p:UriSLgPDQDtJvaOeY3kdz5

Score

7^/10

bootkit evasion persistence trojan

Malware Config

Targets

- Target
  
  85e1ecc1992015d6f946a183ceaaf9e022fbcc36bdb2a7fa13bf2337f9c60c38
- Size
  
  998KB
- MD5
  
  fd4fa44ae6b548123f7b136fb1811be9
- SHA1
  
  426fe9207035c449b6fbd9e25bfeed5550e2bf94
- SHA256
  
  85e1ecc1992015d6f946a183ceaaf9e022fbcc36bdb2a7fa13bf2337f9c60c38
- SHA512
  
  457ba7a8acb1c0fd28bf143aa548dc8fb918d7edcf44ef83946e63a7ef95d3ba6a85caa49f80028e9f43522b8f62699c2af9794909e63f4391d95607cc70208f
- SSDEEP
  
  24576:UeVlmJUzOLgGGDu/DtJvTyHOeF/l43kdz5oy1p:UriSLgPDQDtJvaOeY3kdz5
Score

7^/10

bootkit evasion persistence trojan
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistencetrojan

behavioral2