e1b75ed8f7a7ea7b6516014a823947fae337c902e9913f96ab849d79b994583e | Triage

Sharing

General

Target

e1b75ed8f7a7ea7b6516014a823947fae337c902e9913f96ab849d79b994583e
Size

5.2MB
Sample

230318-mj1vtaea5x
MD5

4895fcba3d5327ef60c74358aa8f8ee2
SHA1

18d4981345c20487e9d7187b096f054e2e115c59
SHA256

e1b75ed8f7a7ea7b6516014a823947fae337c902e9913f96ab849d79b994583e
SHA512

d1996dbbbc842adfed4d346d18f5e06a24cc1ce3bbfffce311438d55afa1865ffed67fab685e7cfb8d8abfd55b7d76aec031f1a11456a42258d0530fafbf92e0
SSDEEP

98304:8XWL95fDN2hWVYc0wR5rhRNb0cE+SA8tNmef9ycNBg8RCkR5:8XWLNuWac0sHRWcfbQAIxf9IK

Score

8^/10

bootkit evasion persistence

Malware Config

Targets

- Target
  
  e1b75ed8f7a7ea7b6516014a823947fae337c902e9913f96ab849d79b994583e
- Size
  
  5.2MB
- MD5
  
  4895fcba3d5327ef60c74358aa8f8ee2
- SHA1
  
  18d4981345c20487e9d7187b096f054e2e115c59
- SHA256
  
  e1b75ed8f7a7ea7b6516014a823947fae337c902e9913f96ab849d79b994583e
- SHA512
  
  d1996dbbbc842adfed4d346d18f5e06a24cc1ce3bbfffce311438d55afa1865ffed67fab685e7cfb8d8abfd55b7d76aec031f1a11456a42258d0530fafbf92e0
- SSDEEP
  
  98304:8XWL95fDN2hWVYc0wR5rhRNb0cE+SA8tNmef9ycNBg8RCkR5:8XWLNuWac0sHRWcfbQAIxf9IK
Score

8^/10

bootkit evasion persistence
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Modify Existing Service

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistence

behavioral2

bootkitevasionpersistence