1090c71d08d8016f2f167a03014c8bc4fd6dd26e69aa1f43823dcc583448a244 | Triage

Sharing

General

Target

4b2711242e8ef1e2ff2f1ee2646b9e11
Size

341KB
Sample

240108-l697bsffgj
MD5

4b2711242e8ef1e2ff2f1ee2646b9e11
SHA1

257844fd532852e93194b8c4be11617086dc1933
SHA256

1090c71d08d8016f2f167a03014c8bc4fd6dd26e69aa1f43823dcc583448a244
SHA512

8efbd5886a844211ad60e6ef8634046ea5ae7e87008a3bbd09be80806e99a1074d0d42f50315f38d2db69db36f9e9c851b0c55383ea555971e8a1462313dc1a3
SSDEEP

6144:rq9wyYx+jX2OF18xe16JUoFCPemmw1POASK0ueTFfKhWkP2N7cCvPXvahg5:rq9wdxhygFZwDYFKWkP4cUPWg5

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  4b2711242e8ef1e2ff2f1ee2646b9e11
- Size
  
  341KB
- MD5
  
  4b2711242e8ef1e2ff2f1ee2646b9e11
- SHA1
  
  257844fd532852e93194b8c4be11617086dc1933
- SHA256
  
  1090c71d08d8016f2f167a03014c8bc4fd6dd26e69aa1f43823dcc583448a244
- SHA512
  
  8efbd5886a844211ad60e6ef8634046ea5ae7e87008a3bbd09be80806e99a1074d0d42f50315f38d2db69db36f9e9c851b0c55383ea555971e8a1462313dc1a3
- SSDEEP
  
  6144:rq9wyYx+jX2OF18xe16JUoFCPemmw1POASK0ueTFfKhWkP2N7cCvPXvahg5:rq9wdxhygFZwDYFKWkP4cUPWg5
Score

7^/10

bootkit persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence