Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

4ab364f06d66e89313e1c8c4cb4fca9c8584efbd071a55e3c835d0bf7745ad15
Size

5MB
Sample

230330-16qj9aag4w
MD5

ebb12ca62bc0813f2da8af2f99f3b8d8
SHA1

dc388c3aba3057e938e03017e9ebb236a92efbca
SHA256

4ab364f06d66e89313e1c8c4cb4fca9c8584efbd071a55e3c835d0bf7745ad15
SHA512

123d3795c84863d90199bc4f669c292cab2b389409a33a70d774bdafa5cb357a5e1e63bca87750ce67e67b452de806a41a2dc1409b89a14a9c3d9a48f73d5b14
SSDEEP

98304:fBHB2pne7a1mN1E8lkcf5YjovKqGYiOE8oLj5jIrHL3GqHqUN:fv1GGE5gyjovK65E8oqjLP3N

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  4ab364f06d66e89313e1c8c4cb4fca9c8584efbd071a55e3c835d0bf7745ad15
- Size
  
  5MB
- MD5
  
  ebb12ca62bc0813f2da8af2f99f3b8d8
- SHA1
  
  dc388c3aba3057e938e03017e9ebb236a92efbca
- SHA256
  
  4ab364f06d66e89313e1c8c4cb4fca9c8584efbd071a55e3c835d0bf7745ad15
- SHA512
  
  123d3795c84863d90199bc4f669c292cab2b389409a33a70d774bdafa5cb357a5e1e63bca87750ce67e67b452de806a41a2dc1409b89a14a9c3d9a48f73d5b14
- SSDEEP
  
  98304:fBHB2pne7a1mN1E8lkcf5YjovKqGYiOE8oLj5jIrHL3GqHqUN:fv1GGE5gyjovK65E8oqjLP3N
Score

8^/10

bootkit persistence
- Blocklisted process makes network request
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2