4dd2e1457151f0fd690d3710cf1f5fd932cf87e7141ded39f4e8aad72f02aecb | Triage

Sharing

General

Target

4dd2e1457151f0fd690d3710cf1f5fd932cf87e7141ded39f4e8aad72f02aecb
Size

841KB
Sample

221203-xevs4seh69
MD5

cf47ee9f9d6fb14dd856308505c3229c
SHA1

1701e546ec25237b5890d05f4a4d90dfc2c4b7ac
SHA256

4dd2e1457151f0fd690d3710cf1f5fd932cf87e7141ded39f4e8aad72f02aecb
SHA512

ecdbaba1320167bd2113f77a29d9c95f9c3680cd71a3f32fd41238eff0741b3964540655e0dcb9ace508966807839d3f2edb04d81749920dfb2c4967538d8b55
SSDEEP

24576:70MdxO63Kc5PTgIfQQAnOsRJo0swQTtNGRPo:70QxO63p90IYQiOL025U

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  4dd2e1457151f0fd690d3710cf1f5fd932cf87e7141ded39f4e8aad72f02aecb
- Size
  
  841KB
- MD5
  
  cf47ee9f9d6fb14dd856308505c3229c
- SHA1
  
  1701e546ec25237b5890d05f4a4d90dfc2c4b7ac
- SHA256
  
  4dd2e1457151f0fd690d3710cf1f5fd932cf87e7141ded39f4e8aad72f02aecb
- SHA512
  
  ecdbaba1320167bd2113f77a29d9c95f9c3680cd71a3f32fd41238eff0741b3964540655e0dcb9ace508966807839d3f2edb04d81749920dfb2c4967538d8b55
- SSDEEP
  
  24576:70MdxO63Kc5PTgIfQQAnOsRJo0swQTtNGRPo:70QxO63p90IYQiOL025U
Score

8^/10

bootkit persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence