b18a540f4506ae9400bbc58fb8b69028274b3ccc4851de605df77b545c7c625b | Triage

Sharing

General

Target

EPS_setup.exe
Size

4.3MB
Sample

231003-sxqjwsch5y
MD5

3d0b02cad726d1a45a3f55bcf395b210
SHA1

cb2239ee9f5e6652ce7e54f49d667874312161a3
SHA256

b18a540f4506ae9400bbc58fb8b69028274b3ccc4851de605df77b545c7c625b
SHA512

f21c530547c161405d72c518e2849db299bd6e625758a83095c8b5a894f1287861693a0f2ba76593558d7160ad539f3273ff842f259e3fb886dbfa4abc4a90f1
SSDEEP

49152:GqeNVSZPSLIkg/JFF85w8pLe0xgcMw10EDl0qO7wv3My+B2sO2skryk9ReN/xj:3EsPSLIlM5w8Rbdr0SI723My+AsGkCr

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  EPS_setup.exe
- Size
  
  4.3MB
- MD5
  
  3d0b02cad726d1a45a3f55bcf395b210
- SHA1
  
  cb2239ee9f5e6652ce7e54f49d667874312161a3
- SHA256
  
  b18a540f4506ae9400bbc58fb8b69028274b3ccc4851de605df77b545c7c625b
- SHA512
  
  f21c530547c161405d72c518e2849db299bd6e625758a83095c8b5a894f1287861693a0f2ba76593558d7160ad539f3273ff842f259e3fb886dbfa4abc4a90f1
- SSDEEP
  
  49152:GqeNVSZPSLIkg/JFF85w8pLe0xgcMw10EDl0qO7wv3My+B2sO2skryk9ReN/xj:3EsPSLIlM5w8Rbdr0SI723My+AsGkCr
Score

7^/10

bootkit discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence