138ddc03dc3ec84727bd1b5c3374d325e373971980e288ecf28366363c83a71d | Triage

Sharing

General

Target

138ddc03dc3ec84727bd1b5c3374d325e373971980e288ecf28366363c83a71d
Size

2.0MB
Sample

221217-xq4kdshb82
MD5

bba24aab3e1746f6de73404a1377d8ec
SHA1

d4afbf943b3ede26d2a862d6f71fcde7eb5fc7a9
SHA256

138ddc03dc3ec84727bd1b5c3374d325e373971980e288ecf28366363c83a71d
SHA512

e26f7f5d84261ace5e728f7c418046be22be70b0713a48aa8f42942cdc374d681a560115031a1dad67e1bfafdcf422eb64a333f7ba91d9f87b59346d11db2f46
SSDEEP

49152:4ImzpJJeD1EIDR3WmuDadUuNi/SOmvVfCvG1GyY3:dmzlebmbDadUnKOmcT

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  138ddc03dc3ec84727bd1b5c3374d325e373971980e288ecf28366363c83a71d
- Size
  
  2.0MB
- MD5
  
  bba24aab3e1746f6de73404a1377d8ec
- SHA1
  
  d4afbf943b3ede26d2a862d6f71fcde7eb5fc7a9
- SHA256
  
  138ddc03dc3ec84727bd1b5c3374d325e373971980e288ecf28366363c83a71d
- SHA512
  
  e26f7f5d84261ace5e728f7c418046be22be70b0713a48aa8f42942cdc374d681a560115031a1dad67e1bfafdcf422eb64a333f7ba91d9f87b59346d11db2f46
- SSDEEP
  
  49152:4ImzpJJeD1EIDR3WmuDadUuNi/SOmvVfCvG1GyY3:dmzlebmbDadUnKOmcT
Score

8^/10

bootkit persistence
- Blocklisted process makes network request
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2