Overview

overview

8

Static

static

1

b6706f59d7...84.exe

windows7-x64

8

b6706f59d7...84.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b6706f59d7e3ab5e0257565e6f6f6284.bin

  • Size

    257KB

  • Sample

    231121-c8phzacc9y

  • MD5

    b6706f59d7e3ab5e0257565e6f6f6284

  • SHA1

    b5c19d9ddd4a62a6e6842250196fb0e079f05fcb

  • SHA256

    eceab0455f6e1f7e7d61583ffc2e6cf29a1853818f3d3626fcc4852832e01f2e

  • SHA512

    f1f119225255f7ebf2d88c190f270591c6d3b655c41dcb44d9d76b0912828f289b9e724e9fea189d45b68f4450e420751bd5ec5f1761c1819611e55438b79061

  • SSDEEP

    3072:B2RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCozOhhOn+TT:B0KgGwHqwOOELha+sm2D2+UhngufT

Score
8/10
bootkitpersistence

Malware Config

Targets

    • Target

      b6706f59d7e3ab5e0257565e6f6f6284.bin

    • Size

      257KB

    • MD5

      b6706f59d7e3ab5e0257565e6f6f6284

    • SHA1

      b5c19d9ddd4a62a6e6842250196fb0e079f05fcb

    • SHA256

      eceab0455f6e1f7e7d61583ffc2e6cf29a1853818f3d3626fcc4852832e01f2e

    • SHA512

      f1f119225255f7ebf2d88c190f270591c6d3b655c41dcb44d9d76b0912828f289b9e724e9fea189d45b68f4450e420751bd5ec5f1761c1819611e55438b79061

    • SSDEEP

      3072:B2RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCozOhhOn+TT:B0KgGwHqwOOELha+sm2D2+UhngufT

    Score
    8/10
    bootkitpersistence

    • Downloads MZ/PE file

    • Checks for any installed AV software in registry

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Modify Registry

1
T1112

Credential Access

Discovery

Software Discovery

1
T1518

Security Software Discovery

1
T1518.001

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks