085f60c7c5ba4e822d57ba5a070d6dd2488a6cd8dd89bcbd32881dc669ea0adf | Triage

Sharing

General

Target

085f60c7c5ba4e822d57ba5a070d6dd2488a6cd8dd89bcbd32881dc669ea0adf
Size

2.4MB
Sample

230316-c8xvcage89
MD5

493b2ef9a10f14df9c353ff30b9aca30
SHA1

5a8f18891100fd2de61a2fa52e95b820ace64aa9
SHA256

085f60c7c5ba4e822d57ba5a070d6dd2488a6cd8dd89bcbd32881dc669ea0adf
SHA512

33d168c0c54379e64fdc30f100cbf71e9df93a765d05fe0c7747ae0a1f81cc4d17944ad29181152203fcd0c78ffed97ec78de08a55715b4e69e38764dab6526f
SSDEEP

49152:jKrkgPrwogw9i0DRIpshn6WTvzhbPqEILD/izczWmalUnHW5:uQgzwoTo0D6shn6abWf0aWNC25

Score

9^/10

bootkit evasion persistence

Malware Config

Targets

- Target
  
  085f60c7c5ba4e822d57ba5a070d6dd2488a6cd8dd89bcbd32881dc669ea0adf
- Size
  
  2.4MB
- MD5
  
  493b2ef9a10f14df9c353ff30b9aca30
- SHA1
  
  5a8f18891100fd2de61a2fa52e95b820ace64aa9
- SHA256
  
  085f60c7c5ba4e822d57ba5a070d6dd2488a6cd8dd89bcbd32881dc669ea0adf
- SHA512
  
  33d168c0c54379e64fdc30f100cbf71e9df93a765d05fe0c7747ae0a1f81cc4d17944ad29181152203fcd0c78ffed97ec78de08a55715b4e69e38764dab6526f
- SSDEEP
  
  49152:jKrkgPrwogw9i0DRIpshn6WTvzhbPqEILD/izczWmalUnHW5:uQgzwoTo0D6shn6abWf0aWNC25
Score

9^/10

bootkit evasion persistence
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitevasionpersistence

behavioral2

bootkitevasionpersistence