dfc801a31ad38377e41a69488112ccf17dc5c2f7fae0abd598616456de813a8d | Triage

Sharing

General

Target

2024-04-28_2926682f771bdcc434675f1ba9db1f12_mafia
Size

1.2MB
Sample

240428-btv7jada32
MD5

2926682f771bdcc434675f1ba9db1f12
SHA1

fe48d4aedf51f6bb23eec3ebe95c7532ad009c3a
SHA256

dfc801a31ad38377e41a69488112ccf17dc5c2f7fae0abd598616456de813a8d
SHA512

818835e444a43dabcd8d835dce7600d69bfd404701362252cff1e07919238297aecf275aaf524543b854ae757714a2795db668649ee57512cd0c78b3246df992
SSDEEP

24576:EwadFfjzKywiBvnfW5gyttUkq90IRESB5jUIZTSuyj3Xe97WAJ:Ewof/Kyw2fW5gy/Ukq/L5jjTSDUiE

Score

6^/10

bootkit evasion persistence trojan

Malware Config

Targets

- Target
  
  2024-04-28_2926682f771bdcc434675f1ba9db1f12_mafia
- Size
  
  1.2MB
- MD5
  
  2926682f771bdcc434675f1ba9db1f12
- SHA1
  
  fe48d4aedf51f6bb23eec3ebe95c7532ad009c3a
- SHA256
  
  dfc801a31ad38377e41a69488112ccf17dc5c2f7fae0abd598616456de813a8d
- SHA512
  
  818835e444a43dabcd8d835dce7600d69bfd404701362252cff1e07919238297aecf275aaf524543b854ae757714a2795db668649ee57512cd0c78b3246df992
- SSDEEP
  
  24576:EwadFfjzKywiBvnfW5gyttUkq90IRESB5jUIZTSuyj3Xe97WAJ:Ewof/Kyw2fW5gy/Ukq/L5jjTSDUiE
Score

6^/10

bootkit evasion persistence trojan
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistencetrojan

behavioral2

bootkitevasionpersistencetrojan