51d785ebbe850f179078014125bdc180db5b8f1209e0e61cea2d0dca44d36cef | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Side-Loading.rar
Size

16.9MB
Sample

240119-dbvt6aegb7
MD5

5ae1e57d4b3c0d34a1ff3edea54590c0
SHA1

9fb7a8564cf8ce9005d67697798f58432a689545
SHA256

51d785ebbe850f179078014125bdc180db5b8f1209e0e61cea2d0dca44d36cef
SHA512

1b76aaeedaa512179396bb7bf56e6a0d67fe99bdf317a60d44cb9f61d64ec3e7f83d7dbd2d6b698a88c71a244417eb6f341b67c75f859a8fc8af4f027d9657e3
SSDEEP

393216:3K7GmEQmRmGlm/au1FbIsL6rqcaYeRuGZjNP1RHusUIeGecU61S:zmEQmRm0m//1CNmVYAlDbEcF1S

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  SideLoad1/ssers.exe
- Size
  
  1.1MB
- MD5
  
  68c03959c8aeff3475494481cfd7b09b
- SHA1
  
  ac3b28832421dde3c7dc5d254cb305faf09dd4fb
- SHA256
  
  9b12a105ce2c33f49558c5bdcde4d5685e7f415e94a921cf0038b3c90436fd49
- SHA512
  
  4f19a0be66fd0c9b0f14138e85a44183546f26d02acab396567158b3f842863d7c4b8b30fd13f7477ce320ad42bd892248cf2ec820b30ef54d9f01475aa8cfc2
- SSDEEP
  
  12288:H7EiF6c0gjk3QjpvQcCQLN3kzp1aRgZvgKFo6D+UFIzfxtI4NC16C+L937Z1r:H7Eif0VeQcCQ6aR6XTkLId16CK9LZ1r
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  SideLoad2/AliIM.exe
- Size
  
  473KB
- MD5
  
  ed17abee766074018926ff48e0ce7a3d
- SHA1
  
  d6d3172176302db9ee6225ea06dc1667a814327b
- SHA256
  
  a8325bd88171952dfb45b16d8bf541e4fbe5d0e546c4e6f6d8aca32b96756dc8
- SHA512
  
  7dba4925e7aa66b172c76e294938385db09edaf652b751ca3464b03b6203387c07c13c93eafaa9707ec8ad03cc586b1d67abbc731ff6792d422f49a18c30ca86
- SSDEEP
  
  12288:Fn/NkmEfThSEAbV7eDg+gCBrH/oCGs06MXPHh5hPak5:h/NkmSzAADgXCTM/ThP5
Score

1^/10
behavioral3 behavioral4
- Target
  
  SideLoad3/AliIM.exe
- Size
  
  473KB
- MD5
  
  ed17abee766074018926ff48e0ce7a3d
- SHA1
  
  d6d3172176302db9ee6225ea06dc1667a814327b
- SHA256
  
  a8325bd88171952dfb45b16d8bf541e4fbe5d0e546c4e6f6d8aca32b96756dc8
- SHA512
  
  7dba4925e7aa66b172c76e294938385db09edaf652b751ca3464b03b6203387c07c13c93eafaa9707ec8ad03cc586b1d67abbc731ff6792d422f49a18c30ca86
- SSDEEP
  
  12288:Fn/NkmEfThSEAbV7eDg+gCBrH/oCGs06MXPHh5hPak5:h/NkmSzAADgXCTM/ThP5
Score

1^/10
behavioral5 behavioral6
- Target
  
  SideLoad4/nvdrsvc.exe
- Size
  
  109KB
- MD5
  
  a16d7c0d5ca80d16cea88949ae0f5b4b
- SHA1
  
  a4c6d9eab106e46953f98008f72150e1e86323d6
- SHA256
  
  2669f90ce96af374d13bab2e0e83c46fb8f3576d30f649512d41689188cf3c69
- SHA512
  
  668099e5993375a30e2f7e9c92469c767b08e3ae38c12851b075949a1dafc081faffd884a898ce24f118f4ba79d847c8f18139b8461b78e8fa85328e59c1a8a3
- SSDEEP
  
  1536:X0lgvuCca+vqMXtmbckNjece2dtPPvRu5sr4CAv:X0luuCcaQ9wfNKCdt35uSr4p
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8