Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

f55b5576d248b3bf0683f71fdae522a5c91ef87bb7e8dbded251e364687f3586.exe
Size

1MB
Sample

230328-hpatcshe23
MD5

e3e5d520468b058d86c4bb4fa0b3459e
SHA1

932af3c5049c93cbcadc40d510ea1afd71b3739a
SHA256

f55b5576d248b3bf0683f71fdae522a5c91ef87bb7e8dbded251e364687f3586
SHA512

9c985541c9016a89248d2193d45adb1d1de23eca0807b55583499f0810001416566121b7ed16fcd9ff02e236e411bfecab00d7503cb6d0919b4eebc0a54d8485
SSDEEP

24576:5NrzL30XIWDA2gMC3G1WOtF57GeW37ToL:LrzLkBP1taeWrT

Score

10^/10

bootkit persistence

Malware Config

Targets

- Target
  
  f55b5576d248b3bf0683f71fdae522a5c91ef87bb7e8dbded251e364687f3586.exe
- Size
  
  1MB
- MD5
  
  e3e5d520468b058d86c4bb4fa0b3459e
- SHA1
  
  932af3c5049c93cbcadc40d510ea1afd71b3739a
- SHA256
  
  f55b5576d248b3bf0683f71fdae522a5c91ef87bb7e8dbded251e364687f3586
- SHA512
  
  9c985541c9016a89248d2193d45adb1d1de23eca0807b55583499f0810001416566121b7ed16fcd9ff02e236e411bfecab00d7503cb6d0919b4eebc0a54d8485
- SSDEEP
  
  24576:5NrzL30XIWDA2gMC3G1WOtF57GeW37ToL:LrzLkBP1taeWrT
Score

10^/10

bootkit persistence
- Modifies WinLogon for persistence
  persistence
- Sets file execution options in registry
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

System Information Discovery

T1082

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Winlogon Helper DLL

T1004

Registry Run Keys / Startup Folder

T1060

Bootkit

T1067

Privilege Escalation

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence