Resubmissions

09/05/2023, 17:52

230509-wf6rbsdb77 8

09/05/2023, 17:49

230509-wd5fgsfb4x 8

General

  • Target: Screenshot 2023-05-09 11.02.16 AM.png
  • Size: 22KB
  • Sample: 230509-wd5fgsfb4x
  • MD5: 166c95cbe57a5d1cc046838a004c260a
  • SHA1: 7ea531f59a2d557a93f874c104342221cce8fc2d
  • SHA256: 0044f20835a6d59f6eaca0ae9489fa7ce7d6f46cfc519941b2fcb4f69d29951c
  • SHA512: 88f36ce4d3f67a900c69911902f5a0564b52ff2bc9c6609a664aba268eb85ddf3d99f28fe5e25b9c0c2c972c85d96b0edf7ca025fc9902574ee8a0116ed81f6b
  • SSDEEP: 384:Z/j22Nl1iaEwch2S7nEtgBvMdxUQt1RtHaSVaR03huRa8E6TeNXM9M36m:BS2ViVOSAM00IRt6/aOU8u6m

Malware Config

Targets

    • Target: Screenshot 2023-05-09 11.02.16 AM.png
    • Size: 22KB
    • MD5: 166c95cbe57a5d1cc046838a004c260a
    • SHA1: 7ea531f59a2d557a93f874c104342221cce8fc2d
    • SHA256: 0044f20835a6d59f6eaca0ae9489fa7ce7d6f46cfc519941b2fcb4f69d29951c
    • SHA512: 88f36ce4d3f67a900c69911902f5a0564b52ff2bc9c6609a664aba268eb85ddf3d99f28fe5e25b9c0c2c972c85d96b0edf7ca025fc9902574ee8a0116ed81f6b
    • SSDEEP: 384:Z/j22Nl1iaEwch2S7nEtgBvMdxUQt1RtHaSVaR03huRa8E6TeNXM9M36m:BS2ViVOSAM00IRt6/aOU8u6m

    • Disables Task Manager via registry modification
    • Drops Chrome extension
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Legitimate hosting services abused for malware hosting/C2
    • Writes to the Master Boot Record (MBR)
      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v6

Tasks