2d0bd517d460b20621bc534eb125b76c58732e9aa287bd907571746d748eb4ee | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d0bd517d460b20621bc534eb125b76c58732e9aa287bd907571746d748eb4ee
Size

4.8MB
Sample

240224-e6ypzahc83
MD5

3d4b901fab283e8ba42f7dc66fdf0793
SHA1

612ab75c80544d84e8e00cc6d6ed3393aa60d4f7
SHA256

2d0bd517d460b20621bc534eb125b76c58732e9aa287bd907571746d748eb4ee
SHA512

6398769a46a3d7135778ea5d804c62b61d9b9f7eb83fecc491a372f3a3c2d56ca8b9b4d73eb9055bdfa4fcddb34e4fe6db01b5ddc09bd15d63c3d09d667101d7
SSDEEP

98304:VkHauFV74BtQPGVhRiCu/CVUdVEy9qMBNP/qxct8q0rndwrndHAbs8y:S6U4UdVEy9qMBNLtaIKol

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  2d0bd517d460b20621bc534eb125b76c58732e9aa287bd907571746d748eb4ee
- Size
  
  4.8MB
- MD5
  
  3d4b901fab283e8ba42f7dc66fdf0793
- SHA1
  
  612ab75c80544d84e8e00cc6d6ed3393aa60d4f7
- SHA256
  
  2d0bd517d460b20621bc534eb125b76c58732e9aa287bd907571746d748eb4ee
- SHA512
  
  6398769a46a3d7135778ea5d804c62b61d9b9f7eb83fecc491a372f3a3c2d56ca8b9b4d73eb9055bdfa4fcddb34e4fe6db01b5ddc09bd15d63c3d09d667101d7
- SSDEEP
  
  98304:VkHauFV74BtQPGVhRiCu/CVUdVEy9qMBNP/qxct8q0rndwrndHAbs8y:S6U4UdVEy9qMBNLtaIKol
Score

8^/10

bootkit persistence
- Blocklisted process makes network request
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence