Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

free-fire-gameloop-1-94-1.exe
Size

3MB
Sample

230325-t5jlzsfe9z
MD5

4dd66324d20bb685f7186f5759db3996
SHA1

9d9377f2a3817f7cfb2994585a26bc18785858d2
SHA256

3a2846143d7bf192e0dc3bcdbe6245ebc71cbc8de527f07b194e1e559c74fdac
SHA512

0126e01073374400598660bce59145c7b12bfcea3efdf0e30f1faa5acc7c7b3fdef608af1459da9951ce546f5f3b02e97b4c657a2bd271aa7663e1c77cda64b4
SSDEEP

98304:yTyXLwBG1SqaMx+Ww1hWu0Dr74tKEhqt6:yTBACww6DI4mq8

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  free-fire-gameloop-1-94-1.exe
- Size
  
  3MB
- MD5
  
  4dd66324d20bb685f7186f5759db3996
- SHA1
  
  9d9377f2a3817f7cfb2994585a26bc18785858d2
- SHA256
  
  3a2846143d7bf192e0dc3bcdbe6245ebc71cbc8de527f07b194e1e559c74fdac
- SHA512
  
  0126e01073374400598660bce59145c7b12bfcea3efdf0e30f1faa5acc7c7b3fdef608af1459da9951ce546f5f3b02e97b4c657a2bd271aa7663e1c77cda64b4
- SSDEEP
  
  98304:yTyXLwBG1SqaMx+Ww1hWu0Dr74tKEhqt6:yTBACww6DI4mq8
Score

8^/10

bootkit persistence
- Downloads MZ/PE file
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

T1112

Install Root Certificate

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Bootkit

T1067

Privilege Escalation

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence