86c9996b513540574d13cd2c0d075cd0b9e8baca7bdc5b5a7cbfdc163e4973a4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

86c9996b513540574d13cd2c0d075cd0b9e8baca7bdc5b5a7cbfdc163e4973a4
Size

10.0MB
Sample

240308-jttmpsad89
MD5

a77f7a9507099c78e4d1b116275706e0
SHA1

970e58fc55f0594552dbde79877433aa85d2ba38
SHA256

86c9996b513540574d13cd2c0d075cd0b9e8baca7bdc5b5a7cbfdc163e4973a4
SHA512

18683263317d495f28b6c0f12e0ad7830348e05de8202c0b1ff4cf2aa5b5dee495e41499e24fffc0143bd76f5eeece0ffa64761b44e0eba843db71df732b75a2
SSDEEP

196608:nPx1dx2f9MmzHwuokrcjoW7KHwhFlz2m3+i3dzjJER:n+f9Mmz1xWKHG2m3PJtER

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  86c9996b513540574d13cd2c0d075cd0b9e8baca7bdc5b5a7cbfdc163e4973a4
- Size
  
  10.0MB
- MD5
  
  a77f7a9507099c78e4d1b116275706e0
- SHA1
  
  970e58fc55f0594552dbde79877433aa85d2ba38
- SHA256
  
  86c9996b513540574d13cd2c0d075cd0b9e8baca7bdc5b5a7cbfdc163e4973a4
- SHA512
  
  18683263317d495f28b6c0f12e0ad7830348e05de8202c0b1ff4cf2aa5b5dee495e41499e24fffc0143bd76f5eeece0ffa64761b44e0eba843db71df732b75a2
- SSDEEP
  
  196608:nPx1dx2f9MmzHwuokrcjoW7KHwhFlz2m3+i3dzjJER:n+f9Mmz1xWKHG2m3PJtER
Score

7^/10

bootkit discovery persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence