General

  • Target

    NTLite.exe

  • Size

    20.0MB

  • Sample

    230323-eazbmadc96

  • MD5

    74b7592edb775dee162eed9750018e7d

  • SHA1

    33c3fd86bb6ff4afad6178fd8fb6a6f07c289bb2

  • SHA256

    6039e76ac86b05f0f23e6affae27fcffca591307100c130bb511a730693542ab

  • SHA512

    fe0d7f0c9b50932c0ca33ce6ac1cb42c091c59e7f5411241f35419989ba829a39e1a0b27a1ffb5f3dde684cd0d8527243a8360a00ca3321c98bd12b215e81caf

  • SSDEEP

    393216:Uab3sH8ZUYtT2hO0Xn2iDR2qACKjNGklb0feqJ7C9s45NXXmZ6F9V:U3y182id2qA/Nb4tQP9F9V

Score
6/10

Malware Config

Targets

    • Target

      NTLite.exe

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    T1067 Bootkit (1)

  • Defense Evasion

    T1130 Install Root Certificate (1)
    T1112 Modify Registry (1)

  • Discovery

    T1012 Query Registry (1)
    T1120 Peripheral Device Discovery (1)
    T1082 System Information Discovery (1)

Tasks