547aa126a73ed64b64ec9e0342b85b92effdeb97176363ff0a80f97322f0619b | Triage

Sharing

General

Target

sample
Size

1KB
Sample

231006-12a9rsgc2z
MD5

79e06b3aaccb91b66795146153924c74
SHA1

109b547884e40e9cd9a6314d7c4dcdcda1511926
SHA256

547aa126a73ed64b64ec9e0342b85b92effdeb97176363ff0a80f97322f0619b
SHA512

a162076f483f23fba4ce1d3652dfce808c730a5849354a22e8b008a7f956ebf8944a286bfe0a584e908e01de47fde4761c7b15d566087d1d164a226e3f1b74a8

Score

10^/10

bootkit discovery evasion exploit persistence

Malware Config

Targets

- Target
  
  sample
- Size
  
  1KB
- MD5
  
  79e06b3aaccb91b66795146153924c74
- SHA1
  
  109b547884e40e9cd9a6314d7c4dcdcda1511926
- SHA256
  
  547aa126a73ed64b64ec9e0342b85b92effdeb97176363ff0a80f97322f0619b
- SHA512
  
  a162076f483f23fba4ce1d3652dfce808c730a5849354a22e8b008a7f956ebf8944a286bfe0a584e908e01de47fde4761c7b15d566087d1d164a226e3f1b74a8
Score

10^/10

bootkit discovery evasion exploit persistence
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Executes dropped EXE
- Modifies file permissions
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Pre-OS Boot

Bootkit

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionexploitpersistence