99daf146aa2489ced5e8763fa5c5de67019de80369383402bd1e422127960fff | Triage

Sharing

General

Target

e9b513146741397c9731871a5e911239
Size

54KB
Sample

231222-tlyxkagdb4
MD5

e9b513146741397c9731871a5e911239
SHA1

754a8ecace3d3ab6b81c8be7d8d24af31ed91f16
SHA256

99daf146aa2489ced5e8763fa5c5de67019de80369383402bd1e422127960fff
SHA512

cdc70846b5824a6db474786579167d3e23830a2cf38c5725a32bd4d08b53eae222c8f5f15c284c65d922b2ca23aef6d19be4c3085a23a966363f3080c6ec1e55
SSDEEP

1536:IuqXk2fJWIIsrxYvaRvNaKMu+/Jj8DT1iy11WZwoQD:Nek0KiR1uu+/Md1bD

Score

9^/10

bootkit evasion persistence

Malware Config

Targets

- Target
  
  e9b513146741397c9731871a5e911239
- Size
  
  54KB
- MD5
  
  e9b513146741397c9731871a5e911239
- SHA1
  
  754a8ecace3d3ab6b81c8be7d8d24af31ed91f16
- SHA256
  
  99daf146aa2489ced5e8763fa5c5de67019de80369383402bd1e422127960fff
- SHA512
  
  cdc70846b5824a6db474786579167d3e23830a2cf38c5725a32bd4d08b53eae222c8f5f15c284c65d922b2ca23aef6d19be4c3085a23a966363f3080c6ec1e55
- SSDEEP
  
  1536:IuqXk2fJWIIsrxYvaRvNaKMu+/Jj8DT1iy11WZwoQD:Nek0KiR1uu+/Md1bD
Score

9^/10

bootkit evasion persistence
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Blocklisted process makes network request
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistence

behavioral2

bootkitevasionpersistence