5a13743c8329f8e2e0c1fe3eab30387b67a8389f8ae0a97cea1eae390aa888fe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5a13743c8329f8e2e0c1fe3eab30387b67a8389f8ae0a97cea1eae390aa888fe
Size

10.8MB
Sample

230829-zdrq6sag2t
MD5

ee7515422d65f240df68f18f3dcdfc0b
SHA1

eb46ba6139a06ad5c7ca9d25b8796eeb58f9ed8c
SHA256

5a13743c8329f8e2e0c1fe3eab30387b67a8389f8ae0a97cea1eae390aa888fe
SHA512

26ca67e5e09aa536311b0b93f68987671f6808f6b53d7403133dcde59fd93dbe8c6db36ed5a9a4d904186679938550da60fd7f2128864c8c8c03b4d2801aa139
SSDEEP

196608:8/MYYLlQ4qHSk3zE9DyW7m+/5VZZWbatu7Q0Mgrjz0h/FWwiU2q:ZbMjcDmba0c0My30j8U2

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  5a13743c8329f8e2e0c1fe3eab30387b67a8389f8ae0a97cea1eae390aa888fe
- Size
  
  10.8MB
- MD5
  
  ee7515422d65f240df68f18f3dcdfc0b
- SHA1
  
  eb46ba6139a06ad5c7ca9d25b8796eeb58f9ed8c
- SHA256
  
  5a13743c8329f8e2e0c1fe3eab30387b67a8389f8ae0a97cea1eae390aa888fe
- SHA512
  
  26ca67e5e09aa536311b0b93f68987671f6808f6b53d7403133dcde59fd93dbe8c6db36ed5a9a4d904186679938550da60fd7f2128864c8c8c03b4d2801aa139
- SSDEEP
  
  196608:8/MYYLlQ4qHSk3zE9DyW7m+/5VZZWbatu7Q0Mgrjz0h/FWwiU2q:ZbMjcDmba0c0My30j8U2
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence