b2fcaea02abf7abbc1387b95488f117ad8f21458c8b9ab2e11a6719af50701d5 | Triage

Sharing

General

Target

b2fcaea02abf7abbc1387b95488f117ad8f21458c8b9ab2e11a6719af50701d5
Size

55KB
Sample

221205-kfe3tsga21
MD5

00126a09b5b5e0374c597c7d1f330a3f
SHA1

55d7c6714064542a22eb30fa098062f0d1b6f2f2
SHA256

b2fcaea02abf7abbc1387b95488f117ad8f21458c8b9ab2e11a6719af50701d5
SHA512

9cd550de1e20ceec31f90f2031923f578e6beeb0907fa6cdbb1aac2c39f99fa2d04161a19d1a147d64200b3744f6363c5ec2f78ae8ef70debcd73fbf98493f7d
SSDEEP

1536:wNxcWwRNA9HaACpBT6cyx0NrgpDspx5blai/LyA:SxcRWajw0Njp1by

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  b2fcaea02abf7abbc1387b95488f117ad8f21458c8b9ab2e11a6719af50701d5
- Size
  
  55KB
- MD5
  
  00126a09b5b5e0374c597c7d1f330a3f
- SHA1
  
  55d7c6714064542a22eb30fa098062f0d1b6f2f2
- SHA256
  
  b2fcaea02abf7abbc1387b95488f117ad8f21458c8b9ab2e11a6719af50701d5
- SHA512
  
  9cd550de1e20ceec31f90f2031923f578e6beeb0907fa6cdbb1aac2c39f99fa2d04161a19d1a147d64200b3744f6363c5ec2f78ae8ef70debcd73fbf98493f7d
- SSDEEP
  
  1536:wNxcWwRNA9HaACpBT6cyx0NrgpDspx5blai/LyA:SxcRWajw0Njp1by
Score

8^/10

bootkit persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence