General
-
Target
1e2f264dcb18c99efde72203397b4bb1
-
Size
572KB
-
Sample
231230-16rsbaafek
-
MD5
1e2f264dcb18c99efde72203397b4bb1
-
SHA1
aa2806ae043909d97bb758b42023429347439ea6
-
SHA256
84687c1731cad90d812aba959aaff093d528df05b10f7836e867425d3457bc5c
-
SHA512
89c22072335824a7848374f2da0ddf100b5ef0e3285cde6cd8e23958d14e1c73b6ca67ed6ec72eece9e269fd0242a3a9790f0dc5872a13834817895247f31d91
-
SSDEEP
12288:beZiUXh6yIzAoSDPgCF8jDByjm4SGo435a7:beiUXh6ynTDoiwVvbGo435K
Malware Config
Targets
-
-
Target
1e2f264dcb18c99efde72203397b4bb1
-
Size
572KB
-
MD5
1e2f264dcb18c99efde72203397b4bb1
-
SHA1
aa2806ae043909d97bb758b42023429347439ea6
-
SHA256
84687c1731cad90d812aba959aaff093d528df05b10f7836e867425d3457bc5c
-
SHA512
89c22072335824a7848374f2da0ddf100b5ef0e3285cde6cd8e23958d14e1c73b6ca67ed6ec72eece9e269fd0242a3a9790f0dc5872a13834817895247f31d91
-
SSDEEP
12288:beZiUXh6yIzAoSDPgCF8jDByjm4SGo435a7:beiUXh6ynTDoiwVvbGo435K
Score10/10-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
3Pre-OS Boot
1Bootkit
1