Overview

overview

7

Static

static

1

8a0c95be8a...2b.exe

windows7-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8a0c95be8a40ae5419f7d97bb3e91b2b

  • Size

    405KB

  • Sample

    230315-tpqelagd4t

  • MD5

    8a0c95be8a40ae5419f7d97bb3e91b2b

  • SHA1

    3fb703474bc750c5e99da9ad5426128a8936a118

  • SHA256

    b04637c11c63dd5a4a599d7104f0c5880717b5d5b32e0104de5a416963f06118

  • SHA512

    2a474d39e985907afc0e7ea0ef0d46d0978ff60a19f3048578d6328228aad530340e3d1291fbd7da3368308501e81cacd4854c0f8b5e0bc634eb0860254935c8

  • SSDEEP

    12288:v2EBbXiJU1L1l8XgxixExbY9+fZlYeFk9kZRyQWwVzxu:v2EVXiu1BlnxixExb3ptZUQP4

Score
7/10
bootkitpersistence

Malware Config

Targets

    • Target

      8a0c95be8a40ae5419f7d97bb3e91b2b

    • Size

      405KB

    • MD5

      8a0c95be8a40ae5419f7d97bb3e91b2b

    • SHA1

      3fb703474bc750c5e99da9ad5426128a8936a118

    • SHA256

      b04637c11c63dd5a4a599d7104f0c5880717b5d5b32e0104de5a416963f06118

    • SHA512

      2a474d39e985907afc0e7ea0ef0d46d0978ff60a19f3048578d6328228aad530340e3d1291fbd7da3368308501e81cacd4854c0f8b5e0bc634eb0860254935c8

    • SSDEEP

      12288:v2EBbXiJU1L1l8XgxixExbY9+fZlYeFk9kZRyQWwVzxu:v2EVXiu1BlnxixExb3ptZUQP4

    Score
    7/10
    bootkitpersistence

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks