c170c67ff949505c811d32253272ea9d5ade0648dd2b9ac541ce82ff174aff4d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.0d5d8adf9553aa479d61d8d3499596d0_JC.exe
Size

192KB
Sample

231013-wjmgvseg32
MD5

0d5d8adf9553aa479d61d8d3499596d0
SHA1

347bcf2316b6dbabbb33668390afa52a96775d92
SHA256

c170c67ff949505c811d32253272ea9d5ade0648dd2b9ac541ce82ff174aff4d
SHA512

748683291bc21f288c4552481f9b355caa2801a173e6d74b85b756a3927537be76a5fbcbc220bbeb27ebb94b01df1d7b65ab072b893afe8ee00f0d8c55070377
SSDEEP

3072:1gXdZt9P6D3XJr8XZqwLObVtzaVrawzPV55SQEc/6e/3w254rOn5K+OZFu:1e34N8XIwKHka2t5ZE1rYU+kFu

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  NEAS.0d5d8adf9553aa479d61d8d3499596d0_JC.exe
- Size
  
  192KB
- MD5
  
  0d5d8adf9553aa479d61d8d3499596d0
- SHA1
  
  347bcf2316b6dbabbb33668390afa52a96775d92
- SHA256
  
  c170c67ff949505c811d32253272ea9d5ade0648dd2b9ac541ce82ff174aff4d
- SHA512
  
  748683291bc21f288c4552481f9b355caa2801a173e6d74b85b756a3927537be76a5fbcbc220bbeb27ebb94b01df1d7b65ab072b893afe8ee00f0d8c55070377
- SSDEEP
  
  3072:1gXdZt9P6D3XJr8XZqwLObVtzaVrawzPV55SQEc/6e/3w254rOn5K+OZFu:1e34N8XIwKHka2t5ZE1rYU+kFu
Score

7^/10

bootkit discovery persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence