ef3da4b7c93da3194641787efe3970ad772ae3ae92e6190812f10625ebcf273c | Triage

Sharing

General

Target

tofminiloader_Zw7BIGNgiVU.wg.intl.exe
Size

8.9MB
Sample

230318-dbmtjsba29
MD5

4b7aa444a4e50067e90c8af2193f7a86
SHA1

8be7995cba623189df35644d108a9ebe0c4d9c15
SHA256

ef3da4b7c93da3194641787efe3970ad772ae3ae92e6190812f10625ebcf273c
SHA512

5ae1ef36d45d7d11676f2eea3649255613701a0ff55e691817a16d1dd865a07d9c365c5a34beaf597a1b53dbe77dc48c2fcc018eb2d16e36910bc73b82290256
SSDEEP

196608:BcxYsc9FA9NOKfMoQMeGt6NMxA2jDDQZY5WF5r4T9ksQAv:O2sR9UK3QrGt6NiAJNd4TeAv

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  tofminiloader_Zw7BIGNgiVU.wg.intl.exe
- Size
  
  8.9MB
- MD5
  
  4b7aa444a4e50067e90c8af2193f7a86
- SHA1
  
  8be7995cba623189df35644d108a9ebe0c4d9c15
- SHA256
  
  ef3da4b7c93da3194641787efe3970ad772ae3ae92e6190812f10625ebcf273c
- SHA512
  
  5ae1ef36d45d7d11676f2eea3649255613701a0ff55e691817a16d1dd865a07d9c365c5a34beaf597a1b53dbe77dc48c2fcc018eb2d16e36910bc73b82290256
- SSDEEP
  
  196608:BcxYsc9FA9NOKfMoQMeGt6NMxA2jDDQZY5WF5r4T9ksQAv:O2sR9UK3QrGt6NiAJNd4TeAv
Score

7^/10

bootkit persistence
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence