ce033e7122990b1c13c24241080daabafa824c7fea207f69f7b20879373c8488 | Triage

Sharing

General

Target

ce033e7122990b1c13c24241080daabafa824c7fea207f69f7b20879373c8488
Size

439KB
Sample

221207-b6m2pade68
MD5

6ac19eb52854a4c54f1d15a47006ca40
SHA1

2c047a3096d2eae93f10e81b305db188373dac5f
SHA256

ce033e7122990b1c13c24241080daabafa824c7fea207f69f7b20879373c8488
SHA512

ea881065669ece3200ea0db646f6726bebcfa014320b96da07849c74c19a998250ab1733533e4e33038f804f74358d5a4690e172bbc469c9f74c10b925de1449
SSDEEP

12288:3ci5MfnJSDaSwr3qH+w6NAxcLAcRdAP8QLY7/1C7Jz:3chwDaSs3k+w6ocLAcvAP9YT1k

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  ce033e7122990b1c13c24241080daabafa824c7fea207f69f7b20879373c8488
- Size
  
  439KB
- MD5
  
  6ac19eb52854a4c54f1d15a47006ca40
- SHA1
  
  2c047a3096d2eae93f10e81b305db188373dac5f
- SHA256
  
  ce033e7122990b1c13c24241080daabafa824c7fea207f69f7b20879373c8488
- SHA512
  
  ea881065669ece3200ea0db646f6726bebcfa014320b96da07849c74c19a998250ab1733533e4e33038f804f74358d5a4690e172bbc469c9f74c10b925de1449
- SSDEEP
  
  12288:3ci5MfnJSDaSwr3qH+w6NAxcLAcRdAP8QLY7/1C7Jz:3chwDaSs3k+w6ocLAcvAP9YT1k
Score

8^/10

bootkit persistence
- Blocklisted process makes network request
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence