4770469236c17651d1842cc36004bc13ff8aa6fd658cdd6ebc0aa45de15a94bc | Triage

Sharing

General

Target

51b403a697ce08a116160705495eeb24
Size

329KB
Sample

240110-1myrhshfh8
MD5

51b403a697ce08a116160705495eeb24
SHA1

7aaf9daedd0b15ef209a747bf1a21608ab0411d2
SHA256

4770469236c17651d1842cc36004bc13ff8aa6fd658cdd6ebc0aa45de15a94bc
SHA512

b3f9a34ceedd9f712749a5169004069295b13afaabadefbf6ae137aa3bed04fa4ae2c32d1a8f2b00715c42f641cd39649002e599e6595a9ed242069ae356b0c7
SSDEEP

6144:Ph3Cy0seF78sWog3r3HHuEZ20BuMpZd9nVW5GJZ2tNYLj8MfsICENSDp+M:pwpF7gbXuEZ2DMpRVzYKj86sIvNS

Score

10^/10

bootkit evasion persistence

Malware Config

Targets

- Target
  
  51b403a697ce08a116160705495eeb24
- Size
  
  329KB
- MD5
  
  51b403a697ce08a116160705495eeb24
- SHA1
  
  7aaf9daedd0b15ef209a747bf1a21608ab0411d2
- SHA256
  
  4770469236c17651d1842cc36004bc13ff8aa6fd658cdd6ebc0aa45de15a94bc
- SHA512
  
  b3f9a34ceedd9f712749a5169004069295b13afaabadefbf6ae137aa3bed04fa4ae2c32d1a8f2b00715c42f641cd39649002e599e6595a9ed242069ae356b0c7
- SSDEEP
  
  6144:Ph3Cy0seF78sWog3r3HHuEZ20BuMpZd9nVW5GJZ2tNYLj8MfsICENSDp+M:pwpF7gbXuEZ2DMpRVzYKj86sIvNS
Score

10^/10

bootkit persistence evasion
- Modifies firewall policy service
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Pre-OS Boot

Bootkit

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2