Overview

overview

8

Static

static

1

2631d5bfd4...6f.dll

windows7-x64

8

2631d5bfd4...6f.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2631d5bfd4b0343d3cc43e7c2fee20e7c8c866a88361085885fb5917d289ed6f

  • Size

    4.1MB

  • Sample

    230323-1xt63sad82

  • MD5

    b6c11e61d991c6c2763a5e231b91c359

  • SHA1

    ed47178039a1326354ca9db5b809cafd2a1488a6

  • SHA256

    2631d5bfd4b0343d3cc43e7c2fee20e7c8c866a88361085885fb5917d289ed6f

  • SHA512

    eeea6ee0c8ef774d964df09e30c1414a941797470f54ff3c5a1346c0d49421e179ff42417bae563a9af82943c6e3b534748cff4bd1162a07c94beb210e0fcac8

  • SSDEEP

    98304:fBHB2pne7a1mN1E8lkcf5YjovKqGYiOE8oLj5jIrC:fv1GGE5gyjovK65E8oqe

Score
8/10
bootkitpersistence

Malware Config

Targets

    • Target

      2631d5bfd4b0343d3cc43e7c2fee20e7c8c866a88361085885fb5917d289ed6f

    • Size

      4.1MB

    • MD5

      b6c11e61d991c6c2763a5e231b91c359

    • SHA1

      ed47178039a1326354ca9db5b809cafd2a1488a6

    • SHA256

      2631d5bfd4b0343d3cc43e7c2fee20e7c8c866a88361085885fb5917d289ed6f

    • SHA512

      eeea6ee0c8ef774d964df09e30c1414a941797470f54ff3c5a1346c0d49421e179ff42417bae563a9af82943c6e3b534748cff4bd1162a07c94beb210e0fcac8

    • SSDEEP

      98304:fBHB2pne7a1mN1E8lkcf5YjovKqGYiOE8oLj5jIrC:fv1GGE5gyjovK65E8oqe

    Score
    8/10
    bootkitpersistence

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks