d0a300e4f383ec69a19a637b1c997cef17a873f40efe3363394184b3314d3617 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ba249bdc7b422f0ebbdaba5b7f51d7f8
Size

842KB
Sample

240308-bkztcsbb89
MD5

ba249bdc7b422f0ebbdaba5b7f51d7f8
SHA1

f77833ccbd8b29fcac16c48890689c61d4c2f210
SHA256

d0a300e4f383ec69a19a637b1c997cef17a873f40efe3363394184b3314d3617
SHA512

8f445ebb50454d963828580c9b6c16d5eae2166433555636243ae5f0159d36aa0fb237471235b5e17780b42ae38199b2ad51e384b07ad47070edec61e1042264
SSDEEP

12288:KBIa6ZrPwKv4Bve+W0ytqnMtMaaiaT1KNb8zSMqmSt0nKApzhygJO7/uVU:KBZibwa4WD0MuaTaTENbQTFn/z4H7/uC

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  lxz20100101.exe
- Size
  
  857KB
- MD5
  
  2ff6e47f1f01bbfe1c6c64b6ae743465
- SHA1
  
  d1a6edc9ef8bd4cff95a01d05045b3e0b0b4ec48
- SHA256
  
  85fe6d4c5e00a957eb2d9e71b52c0e9861eeccdd9e6d2c3cc2dc04a0e50e3245
- SHA512
  
  751876f2884881dccfbaa61f821c51200f96ed7eaa0e511b38fbb0b21a3b08a537ccfb6c18b7f04bcf9d05eb19b949efd13eb9fe082359c430205eb445ae6fae
- SSDEEP
  
  24576:4u72yrRsR1uZXJ7/0lBzVkQHOhkBejtacT7x99:4USIXJj0zJHQkBk3T7x7
Score

7^/10

bootkit persistence
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  新云软件.url
- Size
  
  133B
- MD5
  
  4f0017b3b346bd0626f0c3b915e6e734
- SHA1
  
  823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92
- SHA256
  
  df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678
- SHA512
  
  0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence

behavioral3

behavioral4