b041437d3bbf92fb979aad36c89f3357165c68274eef537628b5619b3e06c282 | Triage

Sharing

General

Target

b041437d3bbf92fb979aad36c89f3357165c68274eef537628b5619b3e06c282
Size

207KB
Sample

221204-dcjhhsee4t
MD5

064a09c8a73cfd12ced9bd0f8550a9b9
SHA1

91d7bc9b286aaa6ccc1b3b233a01523c3ed3d6a2
SHA256

b041437d3bbf92fb979aad36c89f3357165c68274eef537628b5619b3e06c282
SHA512

9472cb300bd17e1e34587da99795704f8f9cbdeaeb5998cc0beb134bf80de1280512d89662d12b043d1e37d1bf1b48d347e7e1e549aa26ea1faf3c2f6569e234
SSDEEP

3072:lDxaR5h98jmGRngHtupeGUaFPmgRMNlPTGQQm6ytwZEsrYkK4E7/AD:loN8NRngNi98gWNlPTGQQm6agrdoAD

Score

10^/10

bootkit evasion persistence

Malware Config

Targets

- Target
  
  b041437d3bbf92fb979aad36c89f3357165c68274eef537628b5619b3e06c282
- Size
  
  207KB
- MD5
  
  064a09c8a73cfd12ced9bd0f8550a9b9
- SHA1
  
  91d7bc9b286aaa6ccc1b3b233a01523c3ed3d6a2
- SHA256
  
  b041437d3bbf92fb979aad36c89f3357165c68274eef537628b5619b3e06c282
- SHA512
  
  9472cb300bd17e1e34587da99795704f8f9cbdeaeb5998cc0beb134bf80de1280512d89662d12b043d1e37d1bf1b48d347e7e1e549aa26ea1faf3c2f6569e234
- SSDEEP
  
  3072:lDxaR5h98jmGRngHtupeGUaFPmgRMNlPTGQQm6ytwZEsrYkK4E7/AD:loN8NRngNi98gWNlPTGQQm6agrdoAD
Score

10^/10

bootkit evasion persistence
- Modifies security service
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistence

behavioral2

evasionpersistence