7a7848da6e229abc1681d01407679d1dfdc9e7f7756b49fec1802d49be10f45c | Triage

Sharing

General

Target

tmp
Size

32.5MB
Sample

230630-tcp83aeg4x
MD5

40462cb1d8678ec6103aa71655f15fe1
SHA1

be4a958b79ab7c410b51911e272ec3e2e04f4ed7
SHA256

7a7848da6e229abc1681d01407679d1dfdc9e7f7756b49fec1802d49be10f45c
SHA512

2f4777b6104ce04baf2009e36bc3048ecc3deefa342d12f9ebfaeaa1eb6db36fb4600915fd3b52d0764e609527778150e1a1c8b0f227372458997dbdca439af5
SSDEEP

786432:RNhjKQH/s50/ChVnfAz/DCGEBqscfa+IWpSxk8unu/3T7nrNtm:vhjKQHA0/yVnIz/H3fJnpKSu/TVc

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  tmp
- Size
  
  32.5MB
- MD5
  
  40462cb1d8678ec6103aa71655f15fe1
- SHA1
  
  be4a958b79ab7c410b51911e272ec3e2e04f4ed7
- SHA256
  
  7a7848da6e229abc1681d01407679d1dfdc9e7f7756b49fec1802d49be10f45c
- SHA512
  
  2f4777b6104ce04baf2009e36bc3048ecc3deefa342d12f9ebfaeaa1eb6db36fb4600915fd3b52d0764e609527778150e1a1c8b0f227372458997dbdca439af5
- SSDEEP
  
  786432:RNhjKQH/s50/ChVnfAz/DCGEBqscfa+IWpSxk8unu/3T7nrNtm:vhjKQHA0/yVnIz/H3fJnpKSu/TVc
Score

7^/10

bootkit persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence