a8cba24594c80a8919167cf096eb0dab9246c34d9d4d52c50c367a2b8f356512 | Triage

Sharing

General

Target

Counter-Strike-1.6-original.exe
Size

175.5MB
Sample

230331-y1lyrsed7y
MD5

916132c125fc109b4d7edec54db378d3
SHA1

5ce1357ef3922bbe4f2271dd8203c68f933e53ee
SHA256

a8cba24594c80a8919167cf096eb0dab9246c34d9d4d52c50c367a2b8f356512
SHA512

375a0940de3ecbf5ec7296a5209b87013be5ff4a2de87853c39cad5ba38d793bde604a62f40fd8734f17a7bc7acdbfdc2ea609d1f265ca141c946f3bd01d1b4b
SSDEEP

3145728:JiO4hzwsXIKdIq1uG6Zhix5sgoC8WOzBpeGCQNbxLEuP9Sbae8dG9MWpIc:ohzwAImInJZhi5stC8XvV/NbxLts8dyB

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  Counter-Strike-1.6-original.exe
- Size
  
  175.5MB
- MD5
  
  916132c125fc109b4d7edec54db378d3
- SHA1
  
  5ce1357ef3922bbe4f2271dd8203c68f933e53ee
- SHA256
  
  a8cba24594c80a8919167cf096eb0dab9246c34d9d4d52c50c367a2b8f356512
- SHA512
  
  375a0940de3ecbf5ec7296a5209b87013be5ff4a2de87853c39cad5ba38d793bde604a62f40fd8734f17a7bc7acdbfdc2ea609d1f265ca141c946f3bd01d1b4b
- SSDEEP
  
  3145728:JiO4hzwsXIKdIq1uG6Zhix5sgoC8WOzBpeGCQNbxLEuP9Sbae8dG9MWpIc:ohzwAImInJZhi5stC8XvV/NbxLts8dyB
Score

7^/10

bootkit discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

bootkitdiscoverypersistence