General
Target: NTLite.exe
Size: 20.0MB
Sample: 230323-eazbmadc96
MD5: 74b7592edb775dee162eed9750018e7d
SHA1: 33c3fd86bb6ff4afad6178fd8fb6a6f07c289bb2
SHA256: 6039e76ac86b05f0f23e6affae27fcffca591307100c130bb511a730693542ab
SHA512: fe0d7f0c9b50932c0ca33ce6ac1cb42c091c59e7f5411241f35419989ba829a39e1a0b27a1ffb5f3dde684cd0d8527243a8360a00ca3321c98bd12b215e81caf
SSDEEP: 393216:Uab3sH8ZUYtT2hO0Xn2iDR2qACKjNGklb0feqJ7C9s45NXXmZ6F9V:U3y182id2qA/Nb4tQP9F9V
Static task: static1
Behavioral task: behavioral1
Sample: NTLite.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: NTLite.exe
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: NTLite.exe
Score: 6/10
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
Suspicious use of NtSetInformationThreadHideFromDebugger