General
-
Target
fe2d3e5845f5526dd5215f7493fb1d0e
-
Size
656KB
-
Sample
231228-2vx1mabgg5
-
MD5
fe2d3e5845f5526dd5215f7493fb1d0e
-
SHA1
96af1e080755a4a80e496664ebddf0119bbb8ea8
-
SHA256
228001434b9821bf5f2c8fbeb77282d87e16938e03ec67c4d0c98f378dc002b9
-
SHA512
1a1e127965c160fdebf40828407316dfea311fa81931cbceb66fdbbff58afac6ce66748f32a2814395c2a5d7686d33d188c5b99a7e7b01f6475fcb40d11a6fe1
-
SSDEEP
12288:lQF3+R4MnGSLbyRep9pOefdV7sBReKH+TcaBrdKFO3G7ld7+E:r1FpjOeFVgQTXHKF1T7+E
Malware Config
Targets
-
-
Target
fe2d3e5845f5526dd5215f7493fb1d0e
-
Size
656KB
-
MD5
fe2d3e5845f5526dd5215f7493fb1d0e
-
SHA1
96af1e080755a4a80e496664ebddf0119bbb8ea8
-
SHA256
228001434b9821bf5f2c8fbeb77282d87e16938e03ec67c4d0c98f378dc002b9
-
SHA512
1a1e127965c160fdebf40828407316dfea311fa81931cbceb66fdbbff58afac6ce66748f32a2814395c2a5d7686d33d188c5b99a7e7b01f6475fcb40d11a6fe1
-
SSDEEP
12288:lQF3+R4MnGSLbyRep9pOefdV7sBReKH+TcaBrdKFO3G7ld7+E:r1FpjOeFVgQTXHKF1T7+E
Score10/10-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
3Create or Modify System Process
1Windows Service
1Pre-OS Boot
1Bootkit
1