General
  Target: a76a616213578352655baa8ec670a4af.bin
  Size: 154KB
  Sample: 240228-ckhqhsgg6z
  MD5: a76a616213578352655baa8ec670a4af
  SHA1: c49b7edec8d11906c6b9239b35ae3d9faaa75774
  SHA256: cab445a0687a576ce30d1025dad52d36672aba94c0f6acfcf19b31ef4b9d44d8
  SHA512: 9eafa5e2207467b3062f5d031102d9d44c5d0c223a45c4033ea4701f97522a4a7c77d9d6001030b36143126252a87f85d300665ef73e4fa559121468d1e720b2
  SSDEEP: 3072:lK4X93xxRCcmwwOs2r/UlpyYreyzukwFrLlX+Sxd:l2OBoTdr03FrpX+od
Static task
  static1

Behavioral task
  behavioral1
    Sample: a76a616213578352655baa8ec670a4af.exe
    Resource: win7-20240221-en

Behavioral task
  behavioral2
    Sample: a76a616213578352655baa8ec670a4af.exe
    Resource: win10v2004-20240226-en
Malware Config
  (none extracted)

Targets
  Target: a76a616213578352655baa8ec670a4af.bin
  Size: 154KB
  Score: 10/10

  Signatures
    Modifies firewall policy service
    Writes to the Master Boot Record (MBR)
      Bootkits write to the MBR to gain persistence at a level below the operating system.
    Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
  Persistence
    Create or Modify System Process (1)
      Windows Service (1)
    Pre-OS Boot (1)
      Bootkit (1)
  Privilege Escalation
    Abuse Elevation Control Mechanism (1)
      Bypass User Account Control (1)
    Create or Modify System Process (1)
      Windows Service (1)