c2e771645fba089da50482f34c738ce3e2151d1fd102cc145d7d72122bf897ee | Triage

Sharing

General

Target

Triphenylarsine.zip
Size

101KB
Sample

230331-zx9q4add82
MD5

7c2ab239a7dcf5fc6b13a07e666321ec
SHA1

ff054293b5420ec4c4449c5772699081670958de
SHA256

c2e771645fba089da50482f34c738ce3e2151d1fd102cc145d7d72122bf897ee
SHA512

1bdea0e8d49bd196404af4ba9dfb1428ecc7b6e48db1f83d3932e7d56e5b91c84e378021f28172b97954fb9e607f9423cb8f44278f39b67f6d7ac363b3939f3f
SSDEEP

3072:6nIY1Ub0NPfkrCoEktCLvb8ONSAXZ3a/MfxFS:6NUolG8ktCTYONSAXZ3yj

Score

8^/10

bootkit evasion persistence

Malware Config

Targets

- Target
  
  Triphenylarsine.exe
- Size
  
  125KB
- MD5
  
  962068032e7d6fc2fa259d4c3c353f07
- SHA1
  
  87e0421776ffd5c542d8b3339b82a056813ad4ac
- SHA256
  
  93b7015c3a8fba2336ee4850848b4e34c58b6c8ce3b8c27f634d54f6dac093ad
- SHA512
  
  cd05079cb358137ebec7665ded7743422918ef776e2d81c435b52a2a644ba802f492852ede76cecf6b5bc8225d7e208dcae8c637ce35794e951527dc391f4799
- SSDEEP
  
  1536:zfule+tm6YLX6D0mieQeEJDDOkPWH3v5yffVwsfbrGGfo5MrsWfG6cdS3Cy18z6V:c3ieQzJnDPWXxyfishfYjbSBo6CM
Score

8^/10

bootkit evasion persistence
- Disables Task Manager via registry modification
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitevasionpersistence

behavioral2

bootkitevasionpersistence