68b75af232cb48c632985eb103950d723e53335f1fac97b7868d6f371b78b94b | Triage

Sharing

General

Target

Sodal.exe
Size

453KB
Sample

240520-wktbssbc54
MD5

ed6bfb62734ed557cc8b9e4c2dc88376
SHA1

76634d621122baf0268b8f68ce310aaa692a87aa
SHA256

68b75af232cb48c632985eb103950d723e53335f1fac97b7868d6f371b78b94b
SHA512

d307ddb3bf73f65f597a80a8dcec35108deb4adb806dd111aac2c7081fdd1901e93583f432f29d86abdd61b940f716e9b986d6f654f05e40a0d2a22cf270107d
SSDEEP

6144:He5VCRK2EYWfBxyYcu6zfqqZveUH5bso4aIoXqlT+t1huPvZyjuPvZyU2diT1S:HMB4SqNnb76hT+t10PxBPxOQZS

Score

8^/10

bootkit evasion persistence

Malware Config

Targets

- Target
  
  Sodal.exe
- Size
  
  453KB
- MD5
  
  ed6bfb62734ed557cc8b9e4c2dc88376
- SHA1
  
  76634d621122baf0268b8f68ce310aaa692a87aa
- SHA256
  
  68b75af232cb48c632985eb103950d723e53335f1fac97b7868d6f371b78b94b
- SHA512
  
  d307ddb3bf73f65f597a80a8dcec35108deb4adb806dd111aac2c7081fdd1901e93583f432f29d86abdd61b940f716e9b986d6f654f05e40a0d2a22cf270107d
- SSDEEP
  
  6144:He5VCRK2EYWfBxyYcu6zfqqZveUH5bso4aIoXqlT+t1huPvZyjuPvZyU2diT1S:HMB4SqNnb76hT+t10PxBPxOQZS
Score

8^/10

bootkit evasion persistence
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistence