fbe3a7a59fa313814fceb7d94e14e8be5a6959ccb34a54e0f8d25228293dbace | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fbe3a7a59fa313814fceb7d94e14e8be5a6959ccb34a54e0f8d25228293dbace
Size

432KB
Sample

221203-xm1pbsff57
MD5

50baee9c599a3372da5d5f1efb67b096
SHA1

d106f1291c1f48e29387497bf5380dcc8828f846
SHA256

fbe3a7a59fa313814fceb7d94e14e8be5a6959ccb34a54e0f8d25228293dbace
SHA512

0514176844d189ed16eca5e35c12781c8aea2c0ef4861af12cbce762c286dd246d26006e28256ac99c18f89902fb52f0af9aaab0aa5fcf5b9bfa7d3d5b8d88b1
SSDEEP

6144:nBF91mW7WdoADYwUdZMPCn4jF9GZtMtGOkq84BVMfj:l1mteWZcMPY4jFAZxhq84BVML

Score

10^/10

bootkit evasion persistence

Malware Config

Targets

- Target
  
  fbe3a7a59fa313814fceb7d94e14e8be5a6959ccb34a54e0f8d25228293dbace
- Size
  
  432KB
- MD5
  
  50baee9c599a3372da5d5f1efb67b096
- SHA1
  
  d106f1291c1f48e29387497bf5380dcc8828f846
- SHA256
  
  fbe3a7a59fa313814fceb7d94e14e8be5a6959ccb34a54e0f8d25228293dbace
- SHA512
  
  0514176844d189ed16eca5e35c12781c8aea2c0ef4861af12cbce762c286dd246d26006e28256ac99c18f89902fb52f0af9aaab0aa5fcf5b9bfa7d3d5b8d88b1
- SSDEEP
  
  6144:nBF91mW7WdoADYwUdZMPCn4jF9GZtMtGOkq84BVMfj:l1mteWZcMPY4jFAZxhq84BVML
Score

10^/10

bootkit evasion persistence
- Modifies firewall policy service
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistence

behavioral2

bootkitevasionpersistence