General

  • Target

    ba1b86fe275d189154a5d568fb46c9207a9341e9d7563987675218c3f1722f2f

  • Size

    26.0MB

  • Sample

    230329-mymazahe7s

  • MD5

    2486887816468c2c696e55b1521f508d

  • SHA1

    afd6acdbd11804ae034081dae7262b52f1831d07

  • SHA256

    ba1b86fe275d189154a5d568fb46c9207a9341e9d7563987675218c3f1722f2f

  • SHA512

    75210bf4067c0ca4abe6d44e73d4814f12c58ec675026fe25855e995b6a0d70f16bace485d6d1da7744354531bce9a0ae299e270cc163140aeea3c2536725485

  • SSDEEP

    786432:OjRaLwqLOUJhZNDRLPjqLBeYPWEiR4mEAnG4f3q:OjRakONLPmLMu7a/EA9i

Score
7/10

Malware Config

Targets

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence: Bootkit (T1067): 1

  • Discovery: System Information Discovery (T1082): 2

  • Discovery: Query Registry (T1012): 1
