General
-
Target
a0c3da4da1e51fb53c47a0681f14ca9a.exe
-
Size
168KB
-
Sample
240107-xz79yadbf5
-
MD5
a0c3da4da1e51fb53c47a0681f14ca9a
-
SHA1
bbdac448bf011102d939af1d38375b6c73cab9b6
-
SHA256
9fe5a19eed753466edb638b3a8d55fb3a574af29aea75266729a8b89e747d223
-
SHA512
ca8fc2631a3ad61f8bfcdf4d94911bd5a8257b62b1a5fa23c77d7a0b84537c79eebc3c6a8a83f2c39f329381ff94d7db994aea9efe7f13862a1df58b054906cb
-
SSDEEP
3072:kBS9OH5a/MGN5beMnzVP4vr3/vOY1TDZz7gvXVdxN7VBfUWU1kX:kBSkfO5iMzJo3+Y1Th7qTPTks
Static task
static1
Behavioral task
behavioral1
Sample
a0c3da4da1e51fb53c47a0681f14ca9a.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
a0c3da4da1e51fb53c47a0681f14ca9a.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
a0c3da4da1e51fb53c47a0681f14ca9a.exe
-
Size
168KB
-
MD5
a0c3da4da1e51fb53c47a0681f14ca9a
-
SHA1
bbdac448bf011102d939af1d38375b6c73cab9b6
-
SHA256
9fe5a19eed753466edb638b3a8d55fb3a574af29aea75266729a8b89e747d223
-
SHA512
ca8fc2631a3ad61f8bfcdf4d94911bd5a8257b62b1a5fa23c77d7a0b84537c79eebc3c6a8a83f2c39f329381ff94d7db994aea9efe7f13862a1df58b054906cb
-
SSDEEP
3072:kBS9OH5a/MGN5beMnzVP4vr3/vOY1TDZz7gvXVdxN7VBfUWU1kX:kBSkfO5iMzJo3+Y1Th7qTPTks
Score10/10-
Modifies firewall policy service
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Pre-OS Boot
1Bootkit
1