c252f3debd97c3ba7431ae2862a6402a6c16edb1dea48e5080578920af83f5a5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c252f3debd97c3ba7431ae2862a6402a6c16edb1dea48e5080578920af83f5a5
Size

8.0MB
Sample

230816-cxd8vsgd3z
MD5

8f0e313ffb1d626d0f004b10ad52ad12
SHA1

3633b06ae924c0435f2fabb293e4db21d636aaf8
SHA256

c252f3debd97c3ba7431ae2862a6402a6c16edb1dea48e5080578920af83f5a5
SHA512

0834aa32576a29820dc615bba0f30c7333c965bea27819d29a0f36da44fd66c15401d17de6c006208c3003934d1595d6b15c3b7a5c7aa861803f1b2e80b96f89
SSDEEP

196608:6aYvO5uJPuRVFAqkewfW3MNKp1Gi2xL9w7QhB8p1d43lwwh:6aYG5uJ4b7kNIpJWhLz8pX4

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  c252f3debd97c3ba7431ae2862a6402a6c16edb1dea48e5080578920af83f5a5
- Size
  
  8.0MB
- MD5
  
  8f0e313ffb1d626d0f004b10ad52ad12
- SHA1
  
  3633b06ae924c0435f2fabb293e4db21d636aaf8
- SHA256
  
  c252f3debd97c3ba7431ae2862a6402a6c16edb1dea48e5080578920af83f5a5
- SHA512
  
  0834aa32576a29820dc615bba0f30c7333c965bea27819d29a0f36da44fd66c15401d17de6c006208c3003934d1595d6b15c3b7a5c7aa861803f1b2e80b96f89
- SSDEEP
  
  196608:6aYvO5uJPuRVFAqkewfW3MNKp1Gi2xL9w7QhB8p1d43lwwh:6aYG5uJ4b7kNIpJWhLz8pX4
Score

7^/10

bootkit persistence
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies boot configuration data using bcdedit
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence