e90a5d12a37b56b6db35f8f04b49e6224bbc9d5b0e0a5ad319c30f32c2e85861 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e90a5d12a37b56b6db35f8f04b49e6224bbc9d5b0e0a5ad319c30f32c2e85861
Size

4.8MB
Sample

231008-eqhzkshh31
MD5

6d88ff323d79bec07b8f05512b788c7b
SHA1

d4643d5cbfd2f63baa2aab3c93019eadf7098238
SHA256

e90a5d12a37b56b6db35f8f04b49e6224bbc9d5b0e0a5ad319c30f32c2e85861
SHA512

7f2b914d3d4606fb0c10429b6bb34621de0a46d00aa5d3a587973a70bb8e250a629f95b6589ea94edd1020dbc4e54ce0a283ee022da70f990596fd75d6373ee5
SSDEEP

98304:sGxpLcyusiCv+mAfXirOzKrfnhPpgAAotPPRLy74N4OukzPaWGZq0fq:NVvTOyh+yPNy8NLukLaWGZb

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  e90a5d12a37b56b6db35f8f04b49e6224bbc9d5b0e0a5ad319c30f32c2e85861
- Size
  
  4.8MB
- MD5
  
  6d88ff323d79bec07b8f05512b788c7b
- SHA1
  
  d4643d5cbfd2f63baa2aab3c93019eadf7098238
- SHA256
  
  e90a5d12a37b56b6db35f8f04b49e6224bbc9d5b0e0a5ad319c30f32c2e85861
- SHA512
  
  7f2b914d3d4606fb0c10429b6bb34621de0a46d00aa5d3a587973a70bb8e250a629f95b6589ea94edd1020dbc4e54ce0a283ee022da70f990596fd75d6373ee5
- SSDEEP
  
  98304:sGxpLcyusiCv+mAfXirOzKrfnhPpgAAotPPRLy74N4OukzPaWGZq0fq:NVvTOyh+yPNy8NLukLaWGZb
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence