be1da7c4ebb70d7cb9c5fbc8d9766b3777c58d8c3c7cc0409aac63411e03558e | Triage

Sharing

General

Target

be1da7c4ebb70d7cb9c5fbc8d9766b3777c58d8c3c7cc0409aac63411e03558e
Size

5.0MB
Sample

221206-cz1vmsha75
MD5

8a4fc6b5a6ca929ab1e0b1082ee14fc8
SHA1

e49da267867db9d2c46be9d914b6fd307d206654
SHA256

be1da7c4ebb70d7cb9c5fbc8d9766b3777c58d8c3c7cc0409aac63411e03558e
SHA512

06ae0d783af382add0db7caaf15535dbafef871a80e658fd5775d334c296d450d973370cc5d1f30423a1c5ecc55bfbb5f17a9162d49d389173ada5870013c807
SSDEEP

98304:fBHB2pne7a1mN1E8lkcf5YjovKqGYiOE8oLj5jIrHL3GqHqUv:fv1GGE5gyjovK65E8oqjLP3v

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  be1da7c4ebb70d7cb9c5fbc8d9766b3777c58d8c3c7cc0409aac63411e03558e
- Size
  
  5.0MB
- MD5
  
  8a4fc6b5a6ca929ab1e0b1082ee14fc8
- SHA1
  
  e49da267867db9d2c46be9d914b6fd307d206654
- SHA256
  
  be1da7c4ebb70d7cb9c5fbc8d9766b3777c58d8c3c7cc0409aac63411e03558e
- SHA512
  
  06ae0d783af382add0db7caaf15535dbafef871a80e658fd5775d334c296d450d973370cc5d1f30423a1c5ecc55bfbb5f17a9162d49d389173ada5870013c807
- SSDEEP
  
  98304:fBHB2pne7a1mN1E8lkcf5YjovKqGYiOE8oLj5jIrHL3GqHqUv:fv1GGE5gyjovK65E8oqjLP3v
Score

8^/10

bootkit persistence
- Blocklisted process makes network request
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2