a9a6aef55e7ddd6f4456788975b09671fdb04cabfd1b04450ece973fa52f1e0f | Triage

Sharing

General

Target

a9a6aef55e7ddd6f4456788975b09671fdb04cabfd1b04450ece973fa52f1e0f
Size

4.0MB
Sample

230416-w4ebzsah76
MD5

cac5fa3ad04dc2ff996ebc1fdac44ff6
SHA1

679418894f5be792df542c29b5e57cc51aef27be
SHA256

a9a6aef55e7ddd6f4456788975b09671fdb04cabfd1b04450ece973fa52f1e0f
SHA512

d0a7c24a59264f618fefb446cd34916b13ae85ae3cc437e0014d8db4373912c45f7be670b30d83ce2ace73fda267770bc2476b16ca099faf01292787f22929df
SSDEEP

98304:daXTJBAUZLsq/ItBYjzCRwG/T8zIHAwnyK:daDJVA/tqjzmwcTyyyK

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  a9a6aef55e7ddd6f4456788975b09671fdb04cabfd1b04450ece973fa52f1e0f
- Size
  
  4.0MB
- MD5
  
  cac5fa3ad04dc2ff996ebc1fdac44ff6
- SHA1
  
  679418894f5be792df542c29b5e57cc51aef27be
- SHA256
  
  a9a6aef55e7ddd6f4456788975b09671fdb04cabfd1b04450ece973fa52f1e0f
- SHA512
  
  d0a7c24a59264f618fefb446cd34916b13ae85ae3cc437e0014d8db4373912c45f7be670b30d83ce2ace73fda267770bc2476b16ca099faf01292787f22929df
- SSDEEP
  
  98304:daXTJBAUZLsq/ItBYjzCRwG/T8zIHAwnyK:daDJVA/tqjzmwcTyyyK
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence