cb71fd0b1308c9b3c9088368074774e08633f4a7d1fcb80cdb4865a2d3ac3c41 | Triage

Sharing

General

Target

cb71fd0b1308c9b3c9088368074774e08633f4a7d1fcb80cdb4865a2d3ac3c41
Size

4.8MB
Sample

230317-esk7qaeb84
MD5

39d67feb8124643f38651849ca0c1084
SHA1

172a4189c4c1da8d83ef3548367d96706dcb1cb8
SHA256

cb71fd0b1308c9b3c9088368074774e08633f4a7d1fcb80cdb4865a2d3ac3c41
SHA512

18167a8df1274f8145a181fb519f1702b9aaee6ae53cb88e7b05f5278ec6150b6077339389ed1db91d937dc1bbc901324a65f3785cdc86fdf8ba3e938f8d7e22
SSDEEP

98304:fBHB2pne7a1mN1E8lkcf5YjovKqGYiOE8oLj5jIrHL3GqHE:fv1GGE5gyjovK65E8oqjLPE

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  cb71fd0b1308c9b3c9088368074774e08633f4a7d1fcb80cdb4865a2d3ac3c41
- Size
  
  4.8MB
- MD5
  
  39d67feb8124643f38651849ca0c1084
- SHA1
  
  172a4189c4c1da8d83ef3548367d96706dcb1cb8
- SHA256
  
  cb71fd0b1308c9b3c9088368074774e08633f4a7d1fcb80cdb4865a2d3ac3c41
- SHA512
  
  18167a8df1274f8145a181fb519f1702b9aaee6ae53cb88e7b05f5278ec6150b6077339389ed1db91d937dc1bbc901324a65f3785cdc86fdf8ba3e938f8d7e22
- SSDEEP
  
  98304:fBHB2pne7a1mN1E8lkcf5YjovKqGYiOE8oLj5jIrHL3GqHE:fv1GGE5gyjovK65E8oqjLPE
Score

8^/10

bootkit persistence
- Blocklisted process makes network request
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2