2545b5160c56ec9f497676e722b42f885934690fa70dba0c5734ca7d7dba56b4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e8116ac16ab20efc1f29841f355743d1.bin
Size

4.2MB
Sample

231121-drhvjace4y
MD5

e8116ac16ab20efc1f29841f355743d1
SHA1

f22381deec29d4686196f1e7a72223844f73b63e
SHA256

2545b5160c56ec9f497676e722b42f885934690fa70dba0c5734ca7d7dba56b4
SHA512

0e18600de20ce6406e5e82ebfbf8037604dc2ef956502625a68f1ef1f8f2ca1696332a7b5ea00ebdc519a7ff68a0384c6c6181d6aeb80be787ef4be65f3cf452
SSDEEP

98304:U54Z69H/gO6/JTTI06297x8fiW0ngGJLRkNaskgRqc5cAFe6lWXQ25dx:sH/gO6/JTTP7x3nxiNasXverP

Score

8^/10

bootkit evasion persistence trojan

Malware Config

Targets

- Target
  
  e8116ac16ab20efc1f29841f355743d1.bin
- Size
  
  4.2MB
- MD5
  
  e8116ac16ab20efc1f29841f355743d1
- SHA1
  
  f22381deec29d4686196f1e7a72223844f73b63e
- SHA256
  
  2545b5160c56ec9f497676e722b42f885934690fa70dba0c5734ca7d7dba56b4
- SHA512
  
  0e18600de20ce6406e5e82ebfbf8037604dc2ef956502625a68f1ef1f8f2ca1696332a7b5ea00ebdc519a7ff68a0384c6c6181d6aeb80be787ef4be65f3cf452
- SSDEEP
  
  98304:U54Z69H/gO6/JTTI06297x8fiW0ngGJLRkNaskgRqc5cAFe6lWXQ25dx:sH/gO6/JTTP7x3nxiNasXverP
Score

8^/10

bootkit evasion persistence trojan
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistencetrojan

behavioral2

bootkitevasionpersistencetrojan