General

  • Target

    66dad1b00972b9de6170f364c227ffb3e498b2cbd859134944828972e2a3810e

  • Size

    3.4MB

  • Sample

    230331-c1hqfshg2x

  • MD5

    25a20f4c1f8e31076a84316dddebba04

  • SHA1

    ffe7b61f35f07f849693ee55612a4aca14d18f88

  • SHA256

    66dad1b00972b9de6170f364c227ffb3e498b2cbd859134944828972e2a3810e

  • SHA512

    332126aaa6a942943431e039cd81436998b4fa8b85ef3d5c8775a7422882471588c574aa09909769d0f41f4664716cf36aebe194335314ebb6b9cb3e06750235

  • SSDEEP

    98304:uQgzwoTo0D6shn6abWf0aWNC2HXrWtahpkh:uQgbZeVWC2HbWwhM

Malware Config

Targets

    • Target

      66dad1b00972b9de6170f364c227ffb3e498b2cbd859134944828972e2a3810e

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      Windows mirrors the firmware's ACPI tables under HKLM\HARDWARE\ACPI\<table>\<OEMID>\..., and the OEM ID subkey for a VirtualBox guest is VBOX__. Reading those keys needs no privileges, which is why samples use them to decide whether they are running inside a VM or a sandbox before doing anything observable.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system: the boot code they install runs before the kernel and its security drivers load. The signature records the write itself; partitioning tools and bootloader installers also write the MBR, so the payload written is what confirms a bootkit.
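The two signatures above, worked through as parsing logic, as an added example that is not part of the original report and not the sample's own code. Part 1 parses the 36-byte ACPI table header that sits behind those registry values and flags VirtualBox's OEM ID (the table holds "VBOX  " with space padding; the registry key shows it as VBOX__). Part 2 parses an MBR and names the regions that differ from a baseline, which is how a defender would notice the MBR write the sandbox flagged. The ACPI tables and MBR sectors are constructed in the file, the vendor "ACME" and all helper names are made up for illustration, and nothing reads a live system.

```python
"""Added example: parsers behind the two sandbox signatures (constructed input only)."""
import hashlib
import struct
from typing import Iterable, List, Optional

# --- Part 1: ACPI tables ----------------------------------------------------
# Every ACPI description table starts with the same 36-byte header:
#   Signature(4) Length(4) Revision(1) Checksum(1) OEMID(6) OEMTableID(8)
#   OEMRevision(4) CreatorID(4) CreatorRevision(4)
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")

# OEM IDs that only hypervisor firmware emits. The field is space-padded to six
# bytes; the HKLM\HARDWARE\ACPI\<table>\<OEMID> subkey renders the padding as
# underscores, hence the "VBOX__" that anti-VM checks look for.
HYPERVISOR_OEM_IDS = {"VBOX": "VirtualBox"}

def acpi_checksum_ok(table: bytes) -> bool:
    """All bytes of a table, checksum byte included, sum to 0 mod 256."""
    return sum(table) % 256 == 0

def parse_acpi_header(table: bytes) -> dict:
    if len(table) < ACPI_HEADER.size:
        raise ValueError("ACPI table shorter than its 36-byte header")
    sig, length, rev, _csum, oem_id, oem_table_id, *_ = ACPI_HEADER.unpack_from(table)
    return {
        "signature": sig.decode("ascii", "replace"),
        "length": length,
        "revision": rev,
        "oem_id": oem_id.rstrip(b" \x00").decode("ascii", "replace"),
        "oem_table_id": oem_table_id.rstrip(b" \x00").decode("ascii", "replace"),
        # A truncated or patched table fails its checksum; treat that as suspicious too.
        "checksum_ok": length <= len(table) and acpi_checksum_ok(table[:length]),
    }

def registry_key_name(oem_id_field: bytes) -> str:
    """Subkey name Windows gives the table for this raw 6-byte OEM ID field."""
    return oem_id_field.decode("ascii", "replace").replace(" ", "_").replace("\x00", "_")

def hypervisor_from_acpi(tables: Iterable[bytes]) -> Optional[str]:
    """Name the hypervisor if any table carries a known VM OEM ID, else None."""
    for table in tables:
        oem = parse_acpi_header(table)["oem_id"]
        if oem in HYPERVISOR_OEM_IDS:
            return HYPERVISOR_OEM_IDS[oem]
    return None

def make_acpi_table(signature: bytes, oem_id: bytes, oem_table_id: bytes) -> bytes:
    """Constructed header-only table (Length = 36) with a correct checksum."""
    header = ACPI_HEADER.pack(signature, ACPI_HEADER.size, 2, 0,
                              oem_id.ljust(6), oem_table_id.ljust(8), 1, b"TEST", 1)
    checksum = (-sum(header)) & 0xFF
    return header[:9] + bytes([checksum]) + header[10:]

# Constructed tables: one as a VirtualBox guest sees it, one from a made-up vendor.
VBOX_DSDT = make_acpi_table(b"DSDT", b"VBOX", b"VBOXBIOS")
ACME_DSDT = make_acpi_table(b"DSDT", b"ACME", b"ACMEBIOS")

# --- Part 2: MBR --------------------------------------------------------------
# Sector layout: boot code 0..439, disk signature 440..443, reserved 444..445,
# four 16-byte partition entries from 446, boot signature 55 AA at 510.
MBR_SIZE, BOOT_CODE_END, PART_TABLE_OFF, BOOT_SIG_OFF = 512, 440, 446, 510
PART_ENTRY = struct.Struct("<B3sB3sII")  # status, CHS first, type, CHS last, LBA first, count

def parse_mbr(sector: bytes) -> dict:
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba_first, count = PART_ENTRY.unpack_from(sector, PART_TABLE_OFF + 16 * i)
        if ptype:  # type 0 is an empty slot
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_first": lba_first, "sectors": count})
    return {
        "valid_signature": sector[BOOT_SIG_OFF:] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partitions": partitions,
    }

def mbr_changed_regions(baseline: bytes, current: bytes) -> List[str]:
    """Regions that differ from the baseline. A bootkit swaps the boot code and
    usually keeps the partition table, so 'boot_code' alone is the telltale."""
    spans = {"boot_code": (0, BOOT_CODE_END), "disk_signature": (BOOT_CODE_END, PART_TABLE_OFF),
             "partition_table": (PART_TABLE_OFF, BOOT_SIG_OFF), "boot_signature": (BOOT_SIG_OFF, MBR_SIZE)}
    return [name for name, (a, b) in spans.items() if baseline[a:b] != current[a:b]]

def make_mbr(boot_code: bytes, partitions) -> bytes:
    """Constructed sector with the given boot code, a fixed disk signature and partitions."""
    sector = bytearray(boot_code.ljust(BOOT_CODE_END, b"\x00")[:BOOT_CODE_END])
    sector += struct.pack("<IH", 0x1234ABCD, 0)
    for status, ptype, lba_first, count in partitions:
        sector += PART_ENTRY.pack(status, b"\x00\x00\x00", ptype, b"\x00\x00\x00", lba_first, count)
    sector += b"\x00" * (16 * (4 - len(partitions)))
    sector += b"\x55\xaa"
    return bytes(sector)

# Constructed sectors: one bootable NTFS partition, then the same disk after the
# boot code alone was overwritten (what an MBR bootkit leaves behind).
CLEAN_MBR = make_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c", [(0x80, 0x07, 2048, 1_000_000)])
INFECTED_MBR = make_mbr(b"\xeb\xfe" + b"\x90" * 64, [(0x80, 0x07, 2048, 1_000_000)])

if __name__ == "__main__":
    print("hypervisor:", hypervisor_from_acpi([ACME_DSDT, VBOX_DSDT]))
    print("registry key for the VirtualBox DSDT:", registry_key_name(b"VBOX  "))
    print("clean MBR:", parse_mbr(CLEAN_MBR))
    print("changed regions:", mbr_changed_regions(CLEAN_MBR, INFECTED_MBR))
```

On a Windows host the same table bytes can be read from the registry with winreg under HKLM\HARDWARE\ACPI\DSDT, FADT and RSDT, and the first 512 bytes of \\.\PhysicalDrive0 give the live MBR to compare against a stored baseline; both are left out here so the example runs offline.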

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

    • Bootkit (T1067): 1

Defense Evasion

    • Virtualization/Sandbox Evasion (T1497): 1

Discovery

    • Query Registry (T1012): 1

    • Virtualization/Sandbox Evasion (T1497): 1

The number after each technique is the count of matching signatures. T1497 appears under both Defense Evasion and Discovery because ATT&CK lists it under both tactics. Technique IDs follow ATT&CK v6, as the report header states; in current ATT&CK, Bootkit is the sub-technique T1542.003 (Pre-OS Boot: Bootkit), while T1497 and T1012 keep their IDs.

Tasks