a2fdb15acbdd8c3c7489173437839d15a364a30026cfdb1f2c75a92e782f0834 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a2fdb15acbdd8c3c7489173437839d15a364a30026cfdb1f2c75a92e782f0834
Size

420KB
Sample

221205-ggmyaabb25
MD5

71ac5addc013828b91359648f0133f51
SHA1

0a563f6be753362b770b2eacb375f1541d3df4a3
SHA256

a2fdb15acbdd8c3c7489173437839d15a364a30026cfdb1f2c75a92e782f0834
SHA512

230c7a9dd1de077de076b26416f18b58ebbebb70328ef5e30796a99abec0e972079fbf9cf7d18e1e6f7b86bf352f810bac881cc5a7c9e52cc143aebe43b01645
SSDEEP

6144:k+gEEY+LJHi8zKRKfdlO4s4jF9GZpMtGOkq84BVMZ:kaEYOJHi0KRKw4jFAZdhq84BVM

Score

10^/10

bootkit evasion persistence

Malware Config

Targets

- Target
  
  a2fdb15acbdd8c3c7489173437839d15a364a30026cfdb1f2c75a92e782f0834
- Size
  
  420KB
- MD5
  
  71ac5addc013828b91359648f0133f51
- SHA1
  
  0a563f6be753362b770b2eacb375f1541d3df4a3
- SHA256
  
  a2fdb15acbdd8c3c7489173437839d15a364a30026cfdb1f2c75a92e782f0834
- SHA512
  
  230c7a9dd1de077de076b26416f18b58ebbebb70328ef5e30796a99abec0e972079fbf9cf7d18e1e6f7b86bf352f810bac881cc5a7c9e52cc143aebe43b01645
- SSDEEP
  
  6144:k+gEEY+LJHi8zKRKfdlO4s4jF9GZpMtGOkq84BVMZ:kaEYOJHi0KRKw4jFAZdhq84BVM
Score

10^/10

bootkit evasion persistence
- Modifies firewall policy service
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistence

behavioral2

bootkitevasionpersistence