de31f6f451a368ff8228d9e739c0d432a1041af45eec49e66f4193dba499289c | Triage

Sharing

General

Target

de31f6f451a368ff8228d9e739c0d432a1041af45eec49e66f4193dba499289c
Size

4.2MB
Sample

231013-ww8kvsfa24
MD5

1ac951ba69ffc952c8fe53c7aba34a25
SHA1

72a9b5fcb707050ef18c8aac8f1222721227ff2a
SHA256

de31f6f451a368ff8228d9e739c0d432a1041af45eec49e66f4193dba499289c
SHA512

29590b3f20d63fe139917ee2cc737c899d022051db10e0d90776aca37f85a2caad7791ec5d7d870ce6855fcf610a4a008f0462c51a504c7d3ed2eae02bc6043b
SSDEEP

98304:4pbn/+qgGcfCM472Of94T2D4TvvVP1sbwhylpYmkb:W/TgGUCwOf9pDOnXIiFb

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  de31f6f451a368ff8228d9e739c0d432a1041af45eec49e66f4193dba499289c
- Size
  
  4.2MB
- MD5
  
  1ac951ba69ffc952c8fe53c7aba34a25
- SHA1
  
  72a9b5fcb707050ef18c8aac8f1222721227ff2a
- SHA256
  
  de31f6f451a368ff8228d9e739c0d432a1041af45eec49e66f4193dba499289c
- SHA512
  
  29590b3f20d63fe139917ee2cc737c899d022051db10e0d90776aca37f85a2caad7791ec5d7d870ce6855fcf610a4a008f0462c51a504c7d3ed2eae02bc6043b
- SSDEEP
  
  98304:4pbn/+qgGcfCM472Of94T2D4TvvVP1sbwhylpYmkb:W/TgGUCwOf9pDOnXIiFb
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence