Overview

overview

6

Static

static

1

NTLite.exe

windows7-x64

1

NTLite.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NTLite.exe

  • Size

    8.3MB

  • Sample

    230323-eknymsfc8v

  • MD5

    cca72a4a4fd0dc2c2d8cec4ad740cc20

  • SHA1

    1f94e470ea19d97ad6b730192e5ccfaa129d76bd

  • SHA256

    c481396f3c2527ff736d7c47c19603c06baea30f6128e2c0ed1732fab41f779f

  • SHA512

    28f002e5f244800751bb51a0450601a82b37e52623740302763eb8232ee6dcd48daf4052fcd5c283cd31cd0bc76536c88e8607fd975e8d220d0f0445fabb3d16

  • SSDEEP

    196608:2qZXXEYRW/H0hbcsv23ouHCRZ5MRyM3NzM0zbEJV7dI2x:2qpEYsCcw23ouH+ZKzKV7+e

Score
6/10
bootkitpersistence

Malware Config

Targets

    • Target

      NTLite.exe

    • Size

      8.3MB

    • MD5

      cca72a4a4fd0dc2c2d8cec4ad740cc20

    • SHA1

      1f94e470ea19d97ad6b730192e5ccfaa129d76bd

    • SHA256

      c481396f3c2527ff736d7c47c19603c06baea30f6128e2c0ed1732fab41f779f

    • SHA512

      28f002e5f244800751bb51a0450601a82b37e52623740302763eb8232ee6dcd48daf4052fcd5c283cd31cd0bc76536c88e8607fd975e8d220d0f0445fabb3d16

    • SSDEEP

      196608:2qZXXEYRW/H0hbcsv23ouHCRZ5MRyM3NzM0zbEJV7dI2x:2qpEYsCcw23ouH+ZKzKV7+e

    Score
    6/10
    bootkitpersistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks