General
Target: 5b4040aa0f20f5d333ee8ce78f08ba05
Size: 164KB
Sample: 231226-ht5jjahhap
MD5: 5b4040aa0f20f5d333ee8ce78f08ba05
SHA1: 4c392de7481bf51ad271e7a7e0e6eaed6c307fde
SHA256: 98bd72c2c82c4f6aeaf4227120ae35d2e1ada98d856bf81671dcd4dbd436fb25
SHA512: 64e9b63a67e43e470c7f8c6c7ee306000e66efa964d24bc1c7a87448584cbecede4a6ee144b95f782d4681c9bd1614c66f0fa91a4fc03417cc92c7cc70f40b59
SSDEEP: 3072:TDOlMukj+p7fIDxz189f6WBDluJ0b5GGjq+9kEe6KFsP4:T3Q7fID3kv5Fjq+GWKFsP4
Static task: static1

Behavioral task: behavioral1
Sample: 5b4040aa0f20f5d333ee8ce78f08ba05.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 5b4040aa0f20f5d333ee8ce78f08ba05.exe
Resource: win10v2004-20231215-en
Malware Config

Targets
Target: 5b4040aa0f20f5d333ee8ce78f08ba05
Score: 10/10

Signatures
- Modifies firewall policy service
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Pre-OS Boot (1)
  - Bootkit (1)