67ea9e1543b631fc484440cb21fb8eba177faea04601c0e5f1e34b7a66158e30 | Triage

Sharing

General

Target

67ea9e1543b631fc484440cb21fb8eba177faea04601c0e5f1e34b7a66158e30
Size

6.8MB
Sample

240328-xmzf9sdf8s
MD5

3177a0d4500d5f502a6ef3212d0e114f
SHA1

592cfd3953d17502d90d0cf2579cdf87c0e8d4db
SHA256

67ea9e1543b631fc484440cb21fb8eba177faea04601c0e5f1e34b7a66158e30
SHA512

6d77800148ae1bf88f2edfc983062a9868b2133ab51c7d35953418e027f2ca1b8688e3c6507f2a45a42573b3e847683b80e242b53e389bcb8c1bf9309126e557
SSDEEP

98304:f+2/6yNK0TqTWab1Cv1rBRYpxIcbkS79//enZPJOm4f0URyRr2Eq7eM:f+PfTH/Tbl1mnGbsiUhqJ

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  67ea9e1543b631fc484440cb21fb8eba177faea04601c0e5f1e34b7a66158e30
- Size
  
  6.8MB
- MD5
  
  3177a0d4500d5f502a6ef3212d0e114f
- SHA1
  
  592cfd3953d17502d90d0cf2579cdf87c0e8d4db
- SHA256
  
  67ea9e1543b631fc484440cb21fb8eba177faea04601c0e5f1e34b7a66158e30
- SHA512
  
  6d77800148ae1bf88f2edfc983062a9868b2133ab51c7d35953418e027f2ca1b8688e3c6507f2a45a42573b3e847683b80e242b53e389bcb8c1bf9309126e557
- SSDEEP
  
  98304:f+2/6yNK0TqTWab1Cv1rBRYpxIcbkS79//enZPJOm4f0URyRr2Eq7eM:f+PfTH/Tbl1mnGbsiUhqJ
Score

7^/10

bootkit persistence
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence