d45fd0cfb8f27e48cf7e702363a12dab3485a70fc551f24468d420f3a72bd072 | Triage

Sharing

General

Target

360驱动大师纯净版-2.0.0.1950-绿色单文件.exe
Size

8.8MB
Sample

230801-r3r48she9t
MD5

ba07e3a87cf53d52b992c4145afbecd5
SHA1

555b0f2f552b1e57a11198483abc8e47f1cc4b31
SHA256

d45fd0cfb8f27e48cf7e702363a12dab3485a70fc551f24468d420f3a72bd072
SHA512

b57e1e1165abf7c2298320c0b781c4574d7a8e13f045fbca33d4523972c588d0135b51f06710df62a2e2e38808f499db19736c78735c5c2aac1e9e1c81b81691
SSDEEP

196608:MgcoZEKyKmEq7ShDAo7FJCo+mIGasCZleUxxYBVG1ZsR1hjPqzCEQ9lJjFJH9fY:MgTZEKy/Eq6x7SoDaeMuVfR1hTfJH9g

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  360驱动大师纯净版-2.0.0.1950-绿色单文件.exe
- Size
  
  8.8MB
- MD5
  
  ba07e3a87cf53d52b992c4145afbecd5
- SHA1
  
  555b0f2f552b1e57a11198483abc8e47f1cc4b31
- SHA256
  
  d45fd0cfb8f27e48cf7e702363a12dab3485a70fc551f24468d420f3a72bd072
- SHA512
  
  b57e1e1165abf7c2298320c0b781c4574d7a8e13f045fbca33d4523972c588d0135b51f06710df62a2e2e38808f499db19736c78735c5c2aac1e9e1c81b81691
- SSDEEP
  
  196608:MgcoZEKyKmEq7ShDAo7FJCo+mIGasCZleUxxYBVG1ZsR1hjPqzCEQ9lJjFJH9fY:MgTZEKy/Eq6x7SoDaeMuVfR1hTfJH9g
Score

7^/10

bootkit persistence
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence