Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

a170a6e4f8d6362e2451b4e550b61c77afefec09bc6a5d4094ecf5d172191a34
Size

25MB
Sample

230330-hfkxzabc49
MD5

ee095fb43bb93725dbf539d2dadf97eb
SHA1

f303382923cc83d2c13f248c2bdf654da4383b32
SHA256

a170a6e4f8d6362e2451b4e550b61c77afefec09bc6a5d4094ecf5d172191a34
SHA512

cce9c801ca7e8f9d51826cc079dc32400a825eec78068a2bbf3e5287e6e506b411ac02829c272e4e055dc43c44fe9a2d87190143db6915266f57794c4822d353
SSDEEP

786432:5j99c7HhZNDRLPjqLBeYPWEiR4mEAnG4f3C:5jsBNLPmLMu7a/EA9K

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  a170a6e4f8d6362e2451b4e550b61c77afefec09bc6a5d4094ecf5d172191a34
- Size
  
  25MB
- MD5
  
  ee095fb43bb93725dbf539d2dadf97eb
- SHA1
  
  f303382923cc83d2c13f248c2bdf654da4383b32
- SHA256
  
  a170a6e4f8d6362e2451b4e550b61c77afefec09bc6a5d4094ecf5d172191a34
- SHA512
  
  cce9c801ca7e8f9d51826cc079dc32400a825eec78068a2bbf3e5287e6e506b411ac02829c272e4e055dc43c44fe9a2d87190143db6915266f57794c4822d353
- SSDEEP
  
  786432:5j99c7HhZNDRLPjqLBeYPWEiR4mEAnG4f3C:5jsBNLPmLMu7a/EA9K
Score

7^/10

bootkit persistence
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence