d8341acb15cf158aa1ab4bc600b67b657b8f7b15dbc93acf29cb4a3d9e4f98fc | Triage

Sharing

General

Target

Holmium.exe
Size

53KB
Sample

230402-lg4y1sff38
MD5

2c1282268ccd4a23bed9f8f53372a32d
SHA1

c0052f0c640d9d060af7c9fd43fa5537a9bef0b9
SHA256

d8341acb15cf158aa1ab4bc600b67b657b8f7b15dbc93acf29cb4a3d9e4f98fc
SHA512

cbe61c4bdbc4d0774212ad2aba59b24672de6106cedbf5a4677f12da53ca0ba883dc46b719f0596df48b47512f705e3187975e6200462fda4719460c5f365210
SSDEEP

768:QpeVMP2xCO5SYMoSEj6VpWOQ2U5BAYH5IGoZ8U7:QpeVM+xCOhSa6z/Q2U56YHSD

Score

8^/10

bootkit evasion persistence

Malware Config

Targets

- Target
  
  Holmium.exe
- Size
  
  53KB
- MD5
  
  2c1282268ccd4a23bed9f8f53372a32d
- SHA1
  
  c0052f0c640d9d060af7c9fd43fa5537a9bef0b9
- SHA256
  
  d8341acb15cf158aa1ab4bc600b67b657b8f7b15dbc93acf29cb4a3d9e4f98fc
- SHA512
  
  cbe61c4bdbc4d0774212ad2aba59b24672de6106cedbf5a4677f12da53ca0ba883dc46b719f0596df48b47512f705e3187975e6200462fda4719460c5f365210
- SSDEEP
  
  768:QpeVMP2xCO5SYMoSEj6VpWOQ2U5BAYH5IGoZ8U7:QpeVM+xCOhSa6z/Q2U56YHSD
Score

8^/10

bootkit evasion persistence
- Disables Task Manager via registry modification
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitevasionpersistence