be432f760e277fcdc786058e9b4ab3857c754045159fa1b150b528a357afb430 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

8f1d957803...86.exe

windows7-x64

1

8f1d957803...86.exe

windows10-2004-x64

8

Sharing

General

Target

8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.7z
Size

6.1MB
Sample

230403-eazbmadh61
MD5

e891612c3116ec01aba315a44c1c8fbb
SHA1

9f904734f33416555dd408ab2cbdf969baabd24c
SHA256

be432f760e277fcdc786058e9b4ab3857c754045159fa1b150b528a357afb430
SHA512

f1e148d3d341328c3b4f26b41b7242bada8a3260a21c1101fa19ab2e1a3f6b43b860942b5f3e9f28e4af3bcd433d956aa179a32cee7cf8e2dce4d3078a06b01b
SSDEEP

196608:ScjDpINy3zzL0Tm0Cd3lx1GrWcSoB0jvQ:SQOy3zzL0h83lT4h+Q

Score

8^/10

bootkit discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe

Resource

win7-20230220-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe

Resource

win10v2004-20230220-en

bootkit discovery persistence

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486
- Size
  
  6.7MB
- MD5
  
  65c6c55ff7a297cb8038ed701d6cdef1
- SHA1
  
  70bc9fabbc72224d3ad5ad54211e2e6865aefc9c
- SHA256
  
  8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486
- SHA512
  
  80521a7a5592d6bd52187af31c6a293802a7d654308ec0f3aab234e3e0df294b7439d510973bc8db5ea85bb1a80e5532fdbcf9f75e401935046441065ab1dac6
- SSDEEP
  
  98304:2TOYcpeE6kT/hh5UhamPSzGOljFbY/qAt8Z06Sgn6W9BO+xmLaGDaQHmm/z:moehkKhhaz/lBbY/qAtifSZOt8aeb
Score

8^/10

bootkit discovery persistence
- Downloads MZ/PE file
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

bootkitdiscoverypersistence

© 2018-2024

Terms | Privacy