cef200994f70143bb882958ed241a2cb7dcdbd75afbc8a908ca94d1edfd23ce4 | Triage

Sharing

General

Target

cef200994f70143bb882958ed241a2cb7dcdbd75afbc8a908ca94d1edfd23ce4
Size

3.6MB
Sample

231120-xpdycaaf3y
MD5

6805dcfc6935c9fb466b10224ccdc5dd
SHA1

c50f3504b318f71099a3e4cb1948c04d90586769
SHA256

cef200994f70143bb882958ed241a2cb7dcdbd75afbc8a908ca94d1edfd23ce4
SHA512

abfd32786c3f88f66cd60776b81e32929eb411928faa3733da4252348839741de24d573dfbde085950760f33e7c7a4c5c642fd240286b33acb86028427285414
SSDEEP

49152:T+2/M1h7X2Yq6lLITqTqiWab1T5NpWDD06Hhy1OD3+WDx1rQqIPsNTp7UY0w1l4H:T+2/6yNK0TqTWab1Cv1rBJYzP/q7eJ

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  cef200994f70143bb882958ed241a2cb7dcdbd75afbc8a908ca94d1edfd23ce4
- Size
  
  3.6MB
- MD5
  
  6805dcfc6935c9fb466b10224ccdc5dd
- SHA1
  
  c50f3504b318f71099a3e4cb1948c04d90586769
- SHA256
  
  cef200994f70143bb882958ed241a2cb7dcdbd75afbc8a908ca94d1edfd23ce4
- SHA512
  
  abfd32786c3f88f66cd60776b81e32929eb411928faa3733da4252348839741de24d573dfbde085950760f33e7c7a4c5c642fd240286b33acb86028427285414
- SSDEEP
  
  49152:T+2/M1h7X2Yq6lLITqTqiWab1T5NpWDD06Hhy1OD3+WDx1rQqIPsNTp7UY0w1l4H:T+2/6yNK0TqTWab1Cv1rBJYzP/q7eJ
Score

7^/10

bootkit persistence
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence