fe70baf5b474d900bc60d2eb150846326442936cae013fb42b359ec0e0153f43 | Triage

Sharing

General

Target

fe70baf5b474d900bc60d2eb150846326442936cae013fb42b359ec0e0153f43
Size

4.8MB
Sample

231126-31rw8sdb3x
MD5

21620494e2502883b4b7b78ee764ba24
SHA1

4042bd0c237aa65ecd30b2b7cb5028b7a567724d
SHA256

fe70baf5b474d900bc60d2eb150846326442936cae013fb42b359ec0e0153f43
SHA512

879b0d226f131f10d63dd9db764b0b4b3325fc5603bdb776f3850d67d651fb146b208f1900e6b8b53c2abae74704de163e8cad0024f96da3ba685379dfc2951d
SSDEEP

98304:DIdfiKLegiKBVPG5o28N15nMApRENOJtS1Xhv+:4jLdz28N1oISjv+

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  fe70baf5b474d900bc60d2eb150846326442936cae013fb42b359ec0e0153f43
- Size
  
  4.8MB
- MD5
  
  21620494e2502883b4b7b78ee764ba24
- SHA1
  
  4042bd0c237aa65ecd30b2b7cb5028b7a567724d
- SHA256
  
  fe70baf5b474d900bc60d2eb150846326442936cae013fb42b359ec0e0153f43
- SHA512
  
  879b0d226f131f10d63dd9db764b0b4b3325fc5603bdb776f3850d67d651fb146b208f1900e6b8b53c2abae74704de163e8cad0024f96da3ba685379dfc2951d
- SSDEEP
  
  98304:DIdfiKLegiKBVPG5o28N15nMApRENOJtS1Xhv+:4jLdz28N1oISjv+
Score

7^/10

bootkit discovery persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence