fc0710a9db03a6880a7678546f030ac96a96db020b9c29753b5cc1b245ea9bcb | Triage

Sharing

General

Target

HTFXLimited_JC.exe
Size

3.3MB
Sample

231013-fvvdvafa4s
MD5

68c0d862632c85bd7be3a5ca585abef4
SHA1

74485c930d5ba001c9d108ab6007fb4381ac8945
SHA256

fc0710a9db03a6880a7678546f030ac96a96db020b9c29753b5cc1b245ea9bcb
SHA512

5df67e5639f06fe54bf9484851b05f465ba8eedab8d914017551b5002e0fcb2dd0363f4e58ae02ead06c5b8b283a73a4a2df26f522a07c6625ce25b51f9eb988
SSDEEP

49152:u3/0e6aTrHGw0g83XXoTgi8CuDHwb0X3nOjVsCXn:ze6hgOHQS+WCXn

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  HTFXLimited_JC.exe
- Size
  
  3.3MB
- MD5
  
  68c0d862632c85bd7be3a5ca585abef4
- SHA1
  
  74485c930d5ba001c9d108ab6007fb4381ac8945
- SHA256
  
  fc0710a9db03a6880a7678546f030ac96a96db020b9c29753b5cc1b245ea9bcb
- SHA512
  
  5df67e5639f06fe54bf9484851b05f465ba8eedab8d914017551b5002e0fcb2dd0363f4e58ae02ead06c5b8b283a73a4a2df26f522a07c6625ce25b51f9eb988
- SSDEEP
  
  49152:u3/0e6aTrHGw0g83XXoTgi8CuDHwb0X3nOjVsCXn:ze6hgOHQS+WCXn
Score

7^/10

bootkit persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence