915ceba5edafdf1ffc45792ede4269ada50809960c2d0e74fe554010f25b9afc | Triage

Sharing

General

Target

kav21.3.10.391en_26074.exe
Size

2.6MB
Sample

240418-1gqhysfe75
MD5

d0e47e632ba9144605d7bec32e126737
SHA1

9c02c04bed4cc77baab6ad8f22a9e780fedb61e3
SHA256

915ceba5edafdf1ffc45792ede4269ada50809960c2d0e74fe554010f25b9afc
SHA512

62b87616b11ec3299288f6015ad693e869f3dc795dfce7e3186d31e7e24e4490537ef68d739ed6aec1cd306c33057eff8827e8f1022503d0be3b42544b8e04a0
SSDEEP

49152:847Nlau3ZiJvDrOV9Gcwb/alTe/iXMNLdcE/EBSDre/2jX8oL:8eNlau3UJOV9GvZbRDe/2zl

Score

7^/10

bootkit evasion persistence trojan

Malware Config

Targets

- Target
  
  kav21.3.10.391en_26074.exe
- Size
  
  2.6MB
- MD5
  
  d0e47e632ba9144605d7bec32e126737
- SHA1
  
  9c02c04bed4cc77baab6ad8f22a9e780fedb61e3
- SHA256
  
  915ceba5edafdf1ffc45792ede4269ada50809960c2d0e74fe554010f25b9afc
- SHA512
  
  62b87616b11ec3299288f6015ad693e869f3dc795dfce7e3186d31e7e24e4490537ef68d739ed6aec1cd306c33057eff8827e8f1022503d0be3b42544b8e04a0
- SSDEEP
  
  49152:847Nlau3ZiJvDrOV9Gcwb/alTe/iXMNLdcE/EBSDre/2jX8oL:8eNlau3UJOV9GvZbRDe/2zl
Score

7^/10

bootkit evasion persistence trojan
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistencetrojan

behavioral2

bootkitevasionpersistencetrojan