fbba21e26d1ec26e68d604be22273555cf278c84b65ccb55a08c928ca35b689e | Triage

Sharing

General

Target

MDE_File_Sample_a96982e8c7c60161303db9df2235268a7be9a2dac2fd5fdd12ba317cd7259cb0.zip
Size

4.5MB
Sample

231013-gxddsafc3y
MD5

3de08ad7e79d06e606f04e9dd15154bb
SHA1

b9ac9f1d69e63280c528ac79b2053caac021261b
SHA256

fbba21e26d1ec26e68d604be22273555cf278c84b65ccb55a08c928ca35b689e
SHA512

23b99243d1e3fd87a95493607acd1cdd3a41860769cbc1134b14bb1d0853d973c7e21822644ecd91e55c4b0fb30927e7150f7a9215901ac124ecd3604b690a87
SSDEEP

98304:iYuB/TdYIp1seUI3DwWSLlYFDu6TANLHStzvj5isdkmPBDTC:iz/TSIp193DpBCwAez4cZG

Score

8^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  ??_4429373294.exe
- Size
  
  4.9MB
- MD5
  
  3490dc6fe080b01509ae7adf52d6f3d0
- SHA1
  
  84ed7d674daa4b8fc5db1f40c2d22b052c678672
- SHA256
  
  a96982e8c7c60161303db9df2235268a7be9a2dac2fd5fdd12ba317cd7259cb0
- SHA512
  
  cedf06cd7313e20b291a45f09e937aeed3d53f4eb9d0f666a62c4b493686fb5702297ffdd36e66afe6a2ed16028354301edeede8170dcb269a4ad1d4341ed750
- SSDEEP
  
  98304:Z4s9s38iiFAIc5t94qs4DwpzFgfLS6GdiGTKH12n++8aKIJzDqW5f:Z4on+IfXxK9GYGOVgl/K6DP
Score

8^/10

bootkit discovery persistence
- Downloads MZ/PE file
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2