1fd44f53bae4369a177295b93322f331112e67f7357e07ceef475a52f34918a0 | Triage

Sharing

General

Target

1fd44f53bae4369a177295b93322f331112e67f7357e07ceef475a52f34918a0
Size

7.4MB
Sample

221204-dq8dssfg21
MD5

ad0541f1a98fec199c33580c11bebb50
SHA1

74114e04912f606b98aca27e5a57f46236f61bd2
SHA256

1fd44f53bae4369a177295b93322f331112e67f7357e07ceef475a52f34918a0
SHA512

aee734d5487c071e8b64c59f4f6e5fd819c20112682888ebc0671eefe325aa0c254a433b822b0ca558c662f1d9fb4d212616c3922eca50329a35caae347e5343
SSDEEP

98304:Y2F/rBjd+nbf5ewT0f+2Ck7XbJUjC3AMDb7Kz/Ec0gD6aZaQhB104uwoPWvY:xbmbhewo22RXbajYHHuL0gjBhBIWvY

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  1fd44f53bae4369a177295b93322f331112e67f7357e07ceef475a52f34918a0
- Size
  
  7.4MB
- MD5
  
  ad0541f1a98fec199c33580c11bebb50
- SHA1
  
  74114e04912f606b98aca27e5a57f46236f61bd2
- SHA256
  
  1fd44f53bae4369a177295b93322f331112e67f7357e07ceef475a52f34918a0
- SHA512
  
  aee734d5487c071e8b64c59f4f6e5fd819c20112682888ebc0671eefe325aa0c254a433b822b0ca558c662f1d9fb4d212616c3922eca50329a35caae347e5343
- SSDEEP
  
  98304:Y2F/rBjd+nbf5ewT0f+2Ck7XbJUjC3AMDb7Kz/Ec0gD6aZaQhB104uwoPWvY:xbmbhewo22RXbajYHHuL0gjBhBIWvY
Score

8^/10

bootkit persistence
- Blocklisted process makes network request
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2