470d68a1985fb7fed20a2174bb5a8f8c01aa60e2815ee8aaa698fd47a0da7f5f | Triage

Sharing

General

Target

470d68a1985fb7fed20a2174bb5a8f8c01aa60e2815ee8aaa698fd47a0da7f5f
Size

3.6MB
Sample

231224-x89t5adga3
MD5

57f47fb6299df52e5ef924e44fbc81ba
SHA1

6ce8a0084a6712b91d6ad672725f829078cd98b8
SHA256

470d68a1985fb7fed20a2174bb5a8f8c01aa60e2815ee8aaa698fd47a0da7f5f
SHA512

9c0186ca4aed98d1d75552942645a143f3b3783b0bee2da3d4b0fe38aae0da02bfb0311baefff6200c87701476b04b720360671c80e1faca9c72e5a3a3d23503
SSDEEP

49152:X+2/M1h7X2Yq6lLITqTqiWab1T5NpWDD06Hhy1OD3+WDx1rQqIPsNTp7UYyw1l4i:X+2/6yNK0TqTWab1Cv1rB/YVwMq7edU

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  470d68a1985fb7fed20a2174bb5a8f8c01aa60e2815ee8aaa698fd47a0da7f5f
- Size
  
  3.6MB
- MD5
  
  57f47fb6299df52e5ef924e44fbc81ba
- SHA1
  
  6ce8a0084a6712b91d6ad672725f829078cd98b8
- SHA256
  
  470d68a1985fb7fed20a2174bb5a8f8c01aa60e2815ee8aaa698fd47a0da7f5f
- SHA512
  
  9c0186ca4aed98d1d75552942645a143f3b3783b0bee2da3d4b0fe38aae0da02bfb0311baefff6200c87701476b04b720360671c80e1faca9c72e5a3a3d23503
- SSDEEP
  
  49152:X+2/M1h7X2Yq6lLITqTqiWab1T5NpWDD06Hhy1OD3+WDx1rQqIPsNTp7UYyw1l4i:X+2/6yNK0TqTWab1Cv1rB/YVwMq7edU
Score

7^/10

bootkit persistence
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence