cad0e84b5c7a0aa2f60edecd9edd8a0db0fcdf439de63db7f1a4a06f3ebcf09e | Triage

Resubmissions

31-03-2023 23:15

230331-28yt3sec63 6

31-03-2023 23:09

230331-25cgnsec34 6

Sharing

General

Target

IGG-REDCON.v1.3.0.rar
Size

33.2MB
Sample

230331-28yt3sec63
MD5

747e51948629d288108d229483196f3b
SHA1

0d640cbe55d9ba243e42b3115656a2ce225c62f6
SHA256

cad0e84b5c7a0aa2f60edecd9edd8a0db0fcdf439de63db7f1a4a06f3ebcf09e
SHA512

388b41c10b18695f3927b3a08e1334ddc2758b45541d628cc99af5df4937e485a85a99137bdd3b52b0898450ec84822dab95db101353ddad08e5e487d606ae45
SSDEEP

393216:eXZZYZMNuEJE7Yov7JyQZkDotm+xRtjlXkptqkF/uY8GLgFnvG4eHkZG0OzT4Vgw:eXy0Sj7J10otm+DnNk5BYeWGlzT4GGH

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  IGG-REDCON.v1.3.0/LAUNCHER.exe
- Size
  
  227KB
- MD5
  
  2f4a7fff291d215c42782b66dbbdc28f
- SHA1
  
  ac6ffdf41e531308358ff621422df2e879c4ae55
- SHA256
  
  81670b11a1848fdfa52c3dc72d0c80086ab94a52386498f9014fc7010bd69d2f
- SHA512
  
  0425cfdbc3ddf53cebfc8983980f909161ee9ddb64131e9cb75f7a096fedeca2714cef3ada8d76e6c6e8fa1a9a79868fec6af53f15b7d9296ff51ff6d0a4f8b6
- SSDEEP
  
  3072:MGtleufyNONL4MdzNOY4jb1pQFhHKPtOHO6VrVPoVJtCbhVPoVJtCbFyf:DtleuqKEYUYQyHHKPtOHRWehWeQ
Score

6^/10

bootkit persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence