e29f0e8faa91b0bfd62b1819aeb4ae09980e9880daeed0459d019b4c232d7a07 | Triage

Sharing

General

Target

迅雷.exe
Size

6.6MB
Sample

240426-nwezjsff2x
MD5

4c1c7a1bd28d01d04f9cfb5b81484c08
SHA1

8eeb5a933ece7bd62e9cdc44b7e225ee4f568ada
SHA256

e29f0e8faa91b0bfd62b1819aeb4ae09980e9880daeed0459d019b4c232d7a07
SHA512

04860f54098940499ffa3469cd31cb9ebb5c21cbbcf91e0530d9296f54bf81fff0e191a5ee48f1b68da88b2e5545320d3c6d01a281f338e9ed87e29178a2fb35
SSDEEP

196608:0dRsVpks/aTD4i5x251EGNBHRWcfbQAIxf9IKP:0ipksST82OPN1RR0AIx9I+

Score

6^/10

bootkit evasion persistence

Malware Config

Targets

- Target
  
  迅雷.exe
- Size
  
  6.6MB
- MD5
  
  4c1c7a1bd28d01d04f9cfb5b81484c08
- SHA1
  
  8eeb5a933ece7bd62e9cdc44b7e225ee4f568ada
- SHA256
  
  e29f0e8faa91b0bfd62b1819aeb4ae09980e9880daeed0459d019b4c232d7a07
- SHA512
  
  04860f54098940499ffa3469cd31cb9ebb5c21cbbcf91e0530d9296f54bf81fff0e191a5ee48f1b68da88b2e5545320d3c6d01a281f338e9ed87e29178a2fb35
- SSDEEP
  
  196608:0dRsVpks/aTD4i5x251EGNBHRWcfbQAIxf9IKP:0ipksST82OPN1RR0AIx9I+
Score

6^/10

bootkit evasion persistence
- Modifies Windows Firewall
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Pre-OS Boot

Bootkit

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistence

behavioral2

bootkitevasionpersistence