320457ac2cd2e960bd92770211a026bba305a19b2f96e2bcdb9c12deb1659f9e | Triage

Submit
Reports

Overview

overview

8

Static

static

1

@me.html

windows10-1703-x64

8

Sharing

General

Target

@me
Size

9KB
Sample

230331-v8m91sdd9s
MD5

1ee279efc39724319e012d905234fe62
SHA1

706bcc5e3aaf921bd016a06dafb42f012b3c9914
SHA256

320457ac2cd2e960bd92770211a026bba305a19b2f96e2bcdb9c12deb1659f9e
SHA512

2a2563965c70661f5e989e88a2f4beedc5424f0682012a2ce972f801d3f0f1ec2d0c266350d5295a6a8d4b64f0dbe52f6da9a9118cb03b6873d8afb96d390006
SSDEEP

192:SMBuHRrkce9a5uEEs4YFxQHvGjayThrISCw:VEHRNe9aUEEs4Y3QHvGjaOhrISl

Score

8^/10

bootkit persistence

Static task

static1

Behavioral task

behavioral1

Sample

@me.html

Resource

win10-20230220-en

bootkit persistence

windows10-1703-x64

16 signatures

600 seconds

Malware Config

Targets

- Target
  
  @me
- Size
  
  9KB
- MD5
  
  1ee279efc39724319e012d905234fe62
- SHA1
  
  706bcc5e3aaf921bd016a06dafb42f012b3c9914
- SHA256
  
  320457ac2cd2e960bd92770211a026bba305a19b2f96e2bcdb9c12deb1659f9e
- SHA512
  
  2a2563965c70661f5e989e88a2f4beedc5424f0682012a2ce972f801d3f0f1ec2d0c266350d5295a6a8d4b64f0dbe52f6da9a9118cb03b6873d8afb96d390006
- SSDEEP
  
  192:SMBuHRrkce9a5uEEs4YFxQHvGjayThrISCw:VEHRNe9aUEEs4Y3QHvGjaOhrISl
Score

8^/10

bootkit persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

bootkitpersistence

© 2018-2024

Terms | Privacy