c36cf85cb9f2146b088fe72f261ee40862a7b4839b020b6a8303b21f8004af59 | Triage

Resubmissions

22/12/2023, 09:02

231222-kzhcasebdl 8

22/12/2023, 08:51

231222-ksnkqsfhc5 3

Sharing

Copy URL Twitter E-mail

General

Target

Adolf_Hitler_-_Schloss_Belvedere.jpg
Size

83KB
Sample

231222-kzhcasebdl
MD5

ca4efa95b48dcb3e8a83942742c4dfee
SHA1

c5e62b9215f19c332869ff582e83bbc357ecee6e
SHA256

c36cf85cb9f2146b088fe72f261ee40862a7b4839b020b6a8303b21f8004af59
SHA512

a2bf3a3c3ab1b12f17b07adfdb3ba5c6448d2e1ac60a1c19996df1cd0610f2766574043bbf45242a11b15818d21bb87c2057a4811b6ee40514e0bfb5d129af30
SSDEEP

1536:N0NgUZe9KynuFs4a+/MWw8F1DS7bABSImLAa6DbrmxO7exr8:GWU49Ksp4a+GIcwBEhiqzS

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  Adolf_Hitler_-_Schloss_Belvedere.jpg
- Size
  
  83KB
- MD5
  
  ca4efa95b48dcb3e8a83942742c4dfee
- SHA1
  
  c5e62b9215f19c332869ff582e83bbc357ecee6e
- SHA256
  
  c36cf85cb9f2146b088fe72f261ee40862a7b4839b020b6a8303b21f8004af59
- SHA512
  
  a2bf3a3c3ab1b12f17b07adfdb3ba5c6448d2e1ac60a1c19996df1cd0610f2766574043bbf45242a11b15818d21bb87c2057a4811b6ee40514e0bfb5d129af30
- SSDEEP
  
  1536:N0NgUZe9KynuFs4a+/MWw8F1DS7bABSImLAa6DbrmxO7exr8:GWU49Ksp4a+GIcwBEhiqzS
Score

8^/10

bootkit persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence