General

Target: 8b0075d01feddc0e208f8f2aae108b7f
Size: 1024KB
Sample: 240203-bjrrcsddd2
MD5: 8b0075d01feddc0e208f8f2aae108b7f
SHA1: 6053422705f97eaada22b36f18fce84d25b52122
SHA256: 2f91707c2f568417938f4aea7783e4056f573675440af224e02c5961ad071832
SHA512: f476e00f2fae5fb4c9914b52ea6f54f58c9bd26d4e2c2ee97837e1be84498f73fd65293366dd3bd4f3b39425eec7a9826312d0347d2de96290467ab4a86e247c
SSDEEP: 12288:sQPPBj7OeDKBl2GDnvuKfmkSBjhMvnaPuwjhyiigf96Zy62B:sQJ7OeDEsGr3+k2V0CNjhyi3YZ72
Static task: static1

Behavioral task: behavioral1
Sample: 8b0075d01feddc0e208f8f2aae108b7f.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 8b0075d01feddc0e208f8f2aae108b7f.exe
Resource: win10v2004-20231215-en
Malware Config

Targets

Target: 8b0075d01feddc0e208f8f2aae108b7f (1024KB; MD5, SHA1, SHA256, SHA512 and SSDEEP values are the same as listed under General)
Score: 10/10

Signatures:
- Modifies firewall policy service
- Adds policy Run key to start application
- Modifies Installed Components in the registry
- Adds Run key to start application
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Persistence:
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (3)
- Create or Modify System Process (1)
  - Windows Service (1)
- Pre-OS Boot (1)
  - Bootkit (1)