General

Target: NTLite.exe
Size: 8.3MB
Sample: 230323-eknymsfc8v
MD5: cca72a4a4fd0dc2c2d8cec4ad740cc20
SHA1: 1f94e470ea19d97ad6b730192e5ccfaa129d76bd
SHA256: c481396f3c2527ff736d7c47c19603c06baea30f6128e2c0ed1732fab41f779f
SHA512: 28f002e5f244800751bb51a0450601a82b37e52623740302763eb8232ee6dcd48daf4052fcd5c283cd31cd0bc76536c88e8607fd975e8d220d0f0445fabb3d16
SSDEEP: 196608:2qZXXEYRW/H0hbcsv23ouHCRZ5MRyM3NzM0zbEJV7dI2x:2qpEYsCcw23ouH+ZKzKV7+e

Static task: static1

Behavioral task: behavioral1
Sample: NTLite.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: NTLite.exe
Resource: win10v2004-20230221-en

Malware Config
Targets

Target: NTLite.exe
Score: 6/10

Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.

Suspicious use of NtSetInformationThreadHideFromDebugger