95c16c2f74bfe9878117d341d4b259c5327f87fc10e8407b27e9a905aff0ac11 | Triage

Sharing

General

Target

95c16c2f74bfe9878117d341d4b259c5327f87fc10e8407b27e9a905aff0ac11
Size

256KB
Sample

240212-amncnsdb7v
MD5

56354f6191810e362bf2ae7b3f6e82b4
SHA1

98260eb9dbec4ef777939937b4ca797ac336e3ff
SHA256

95c16c2f74bfe9878117d341d4b259c5327f87fc10e8407b27e9a905aff0ac11
SHA512

fb40abe4838e4026a4b1c826566454ff181e68bf7f7929777f2ea63e55a8242c65f12dffb274e8c46f5f1bcb7f42661c41e7b2a62ed39050814a45de54ab8b30
SSDEEP

6144:bCfHrZae3GFqRQcMeh4WpywpjchNCPnAeb:bCfLZadcM24fRNXe

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  95c16c2f74bfe9878117d341d4b259c5327f87fc10e8407b27e9a905aff0ac11
- Size
  
  256KB
- MD5
  
  56354f6191810e362bf2ae7b3f6e82b4
- SHA1
  
  98260eb9dbec4ef777939937b4ca797ac336e3ff
- SHA256
  
  95c16c2f74bfe9878117d341d4b259c5327f87fc10e8407b27e9a905aff0ac11
- SHA512
  
  fb40abe4838e4026a4b1c826566454ff181e68bf7f7929777f2ea63e55a8242c65f12dffb274e8c46f5f1bcb7f42661c41e7b2a62ed39050814a45de54ab8b30
- SSDEEP
  
  6144:bCfHrZae3GFqRQcMeh4WpywpjchNCPnAeb:bCfLZadcM24fRNXe
Score

6^/10

bootkit persistence
- Checks for any installed AV software in registry
- Downloads MZ/PE file
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence