182699e264a70636924b994cebad5b06ccdcd96480be3a6b970816f3adba4f45 | Triage

Sharing

General

Target

kaspersky4win202121.16.6.467en_39970.exe
Size

4.2MB
Sample

240504-teaw6add72
MD5

88a9e8f8edfd369e7a45d35ecbd788ab
SHA1

6c58421606592ea59418b9f79983d018c19bda06
SHA256

182699e264a70636924b994cebad5b06ccdcd96480be3a6b970816f3adba4f45
SHA512

6892707be382751b466d43227172b8da913f531e4f257527e7b50e87bf1226a8c6730f9eaa9c617549440049695fdbc317e3d39b4d325382c8e4e0ee540bf2ab
SSDEEP

98304:qO/RG6LkIN84klIci68xnTznF2uHozbMUoTV7G0dj1AmKs3/B:hL24kDi6eTznqbMUoTxGy5t/B

Score

6^/10

bootkit evasion persistence trojan

Malware Config

Targets

- Target
  
  kaspersky4win202121.16.6.467en_39970.exe
- Size
  
  4.2MB
- MD5
  
  88a9e8f8edfd369e7a45d35ecbd788ab
- SHA1
  
  6c58421606592ea59418b9f79983d018c19bda06
- SHA256
  
  182699e264a70636924b994cebad5b06ccdcd96480be3a6b970816f3adba4f45
- SHA512
  
  6892707be382751b466d43227172b8da913f531e4f257527e7b50e87bf1226a8c6730f9eaa9c617549440049695fdbc317e3d39b4d325382c8e4e0ee540bf2ab
- SSDEEP
  
  98304:qO/RG6LkIN84klIci68xnTznF2uHozbMUoTV7G0dj1AmKs3/B:hL24kDi6eTznqbMUoTxGy5t/B
Score

6^/10

bootkit evasion persistence trojan
- Checks for any installed AV software in registry
- Checks whether UAC is enabled
  evasion trojan
- Downloads MZ/PE file
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistencetrojan

behavioral2

bootkitevasionpersistencetrojan