f9eb4311aa4b349857f02d34a0d38cedf94e72124b22996c36c1a6f44f81972c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f9eb4311aa4b349857f02d34a0d38cedf94e72124b22996c36c1a6f44f81972c
Size

680KB
Sample

231014-hvj9zsge91
MD5

2cecb0c9152640692dea0afc75b787ee
SHA1

5c3c0f10f79920077f2da65b1261d56b0d424d5b
SHA256

f9eb4311aa4b349857f02d34a0d38cedf94e72124b22996c36c1a6f44f81972c
SHA512

721e913bba125a88b1cdf5ca01d2903906f67511af7f5b7bdcc75d13c0436b5c2896263dec62e749e3b8b22634b014390b7b94d456927af7762d780a82381ff2
SSDEEP

6144:Pmu6RuoJdOMDUmeNY2B8cPJKYOoWT4HQ/uMIQT0uIwtST+TVPTSAD6RVhQ18n2:uKovzUDb8WKYOd/D4uxpPGAAoi2

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  f9eb4311aa4b349857f02d34a0d38cedf94e72124b22996c36c1a6f44f81972c
- Size
  
  680KB
- MD5
  
  2cecb0c9152640692dea0afc75b787ee
- SHA1
  
  5c3c0f10f79920077f2da65b1261d56b0d424d5b
- SHA256
  
  f9eb4311aa4b349857f02d34a0d38cedf94e72124b22996c36c1a6f44f81972c
- SHA512
  
  721e913bba125a88b1cdf5ca01d2903906f67511af7f5b7bdcc75d13c0436b5c2896263dec62e749e3b8b22634b014390b7b94d456927af7762d780a82381ff2
- SSDEEP
  
  6144:Pmu6RuoJdOMDUmeNY2B8cPJKYOoWT4HQ/uMIQT0uIwtST+TVPTSAD6RVhQ18n2:uKovzUDb8WKYOd/D4uxpPGAAoi2
Score

6^/10

bootkit persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence