92b38091f9f7e830d083f33f0303640cf381c302d03ec3cc742fee1312216e31 | Triage

Sharing

General

Target

92b38091f9f7e830d083f33f0303640cf381c302d03ec3cc742fee1312216e31
Size

4.9MB
Sample

230216-fgkbqafh59
MD5

2ecf1b072a18a1422cf930b11e2c3247
SHA1

d9ca379437a0fa5906c5742c18a896c5c4ea5709
SHA256

92b38091f9f7e830d083f33f0303640cf381c302d03ec3cc742fee1312216e31
SHA512

f451b0f1cda54262ab75839a0acca849715dbf686a19087192ebd1e78ca1b88377e96553efeeb650c2ecb35f923331af348f713cb461113b7fd03f64ef05cb2a
SSDEEP

98304:fBHB2pne7a1mN1E8lkcf5YjovKqGYiOE8oLj5jIrHL3GqHqh:fv1GGE5gyjovK65E8oqjLPu

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  92b38091f9f7e830d083f33f0303640cf381c302d03ec3cc742fee1312216e31
- Size
  
  4.9MB
- MD5
  
  2ecf1b072a18a1422cf930b11e2c3247
- SHA1
  
  d9ca379437a0fa5906c5742c18a896c5c4ea5709
- SHA256
  
  92b38091f9f7e830d083f33f0303640cf381c302d03ec3cc742fee1312216e31
- SHA512
  
  f451b0f1cda54262ab75839a0acca849715dbf686a19087192ebd1e78ca1b88377e96553efeeb650c2ecb35f923331af348f713cb461113b7fd03f64ef05cb2a
- SSDEEP
  
  98304:fBHB2pne7a1mN1E8lkcf5YjovKqGYiOE8oLj5jIrHL3GqHqh:fv1GGE5gyjovK65E8oqjLPu
Score

8^/10

bootkit persistence
- Blocklisted process makes network request
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2