c11254d671e63f3618d3d7875316fbaeba10034902d51b054ae9006828887684 | Triage

Sharing

General

Target

c11254d671e63f3618d3d7875316fbaeba10034902d51b054ae9006828887684
Size

839KB
Sample

221203-gkbz7adf5x
MD5

d1fb267dc31af89921014906e6f7a930
SHA1

c6d6dface780689d33e06e45f9ebbdcca5075a10
SHA256

c11254d671e63f3618d3d7875316fbaeba10034902d51b054ae9006828887684
SHA512

2a5a827288d957dd8c5d3bfd057a233bfd4cb7fbf3d7f902838e12c77638a717de4bfce96599da5cee47d2addf75cc03a4f3a6460eb3c6aec51687d93c1e56fb
SSDEEP

24576:q3hR0iHEEv6Nayj+xFOuzRiEk72aNUKf+Ee9p:q3hR0iHV6IySxFOui7tqEej

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  c11254d671e63f3618d3d7875316fbaeba10034902d51b054ae9006828887684
- Size
  
  839KB
- MD5
  
  d1fb267dc31af89921014906e6f7a930
- SHA1
  
  c6d6dface780689d33e06e45f9ebbdcca5075a10
- SHA256
  
  c11254d671e63f3618d3d7875316fbaeba10034902d51b054ae9006828887684
- SHA512
  
  2a5a827288d957dd8c5d3bfd057a233bfd4cb7fbf3d7f902838e12c77638a717de4bfce96599da5cee47d2addf75cc03a4f3a6460eb3c6aec51687d93c1e56fb
- SSDEEP
  
  24576:q3hR0iHEEv6Nayj+xFOuzRiEk72aNUKf+Ee9p:q3hR0iHV6IySxFOui7tqEej
Score

8^/10

bootkit persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence