42d533f88ea4718426d0dd50b083bedb97a66029f18c167389abc5bec0e8730c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42d533f88ea4718426d0dd50b083bedb97a66029f18c167389abc5bec0e8730c
Size

3.6MB
Sample

231127-ky8svsfd8x
MD5

7c57d637cac7a040fb99c721d4ec8f9d
SHA1

735cb24af72f18471bbce6732d671aedd62e21de
SHA256

42d533f88ea4718426d0dd50b083bedb97a66029f18c167389abc5bec0e8730c
SHA512

ebe7e04e82d1a7ffa665066fe65679fc1fd8a7b67842e5267ea0d5bb95e0bbff86810c0a26b7b95e471de3f06751cbc4717909aabe77d1d90f6e10ecc12a3ec6
SSDEEP

49152:8+2/M1h7X2Yq6lLITqTqiWab1T5NpWDD06Hhy1OD3+WDx1rQqIPsNTp7UYaw1l4V:8+2/6yNK0TqTWab1Cv1rBHYBsvq7em

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  42d533f88ea4718426d0dd50b083bedb97a66029f18c167389abc5bec0e8730c
- Size
  
  3.6MB
- MD5
  
  7c57d637cac7a040fb99c721d4ec8f9d
- SHA1
  
  735cb24af72f18471bbce6732d671aedd62e21de
- SHA256
  
  42d533f88ea4718426d0dd50b083bedb97a66029f18c167389abc5bec0e8730c
- SHA512
  
  ebe7e04e82d1a7ffa665066fe65679fc1fd8a7b67842e5267ea0d5bb95e0bbff86810c0a26b7b95e471de3f06751cbc4717909aabe77d1d90f6e10ecc12a3ec6
- SSDEEP
  
  49152:8+2/M1h7X2Yq6lLITqTqiWab1T5NpWDD06Hhy1OD3+WDx1rQqIPsNTp7UYaw1l4V:8+2/6yNK0TqTWab1Cv1rBHYBsvq7em
Score

7^/10

bootkit persistence
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence