b3020dd6c9ffceaba72c465c8d596cf04e2d7388b4fd58f10d78be6b91a7e99d | Triage

Resubmissions

21-05-2024 14:25

240521-rrjzgshb5x 8

21-05-2024 14:22

240521-rpy1magh69 8

29-02-2024 20:48

240229-zlxbmacb5s 8

Sharing

General

Target

Unconfirmed 728470.crdownload
Size

203KB
Sample

240521-rpy1magh69
MD5

19a966f0b86c67659b15364e89f3748b
SHA1

94075399f5f8c6f73258024bf442c0bf8600d52b
SHA256

b3020dd6c9ffceaba72c465c8d596cf04e2d7388b4fd58f10d78be6b91a7e99d
SHA512

60a926114d21e43c867187c6890dd1b4809c855a8011fcc921e6c20b6d1fb274c2e417747f1eef0d64919bc4f3a9b6a7725c87240c20b70e87a5ff6eba563427
SSDEEP

6144:AX0xX7MnBGkuOtEZlwuO2lJwz7EeQG+YSGL:AWXKuVZQ27oEhVYbL

Score

8^/10

bootkit evasion persistence

Malware Config

Targets

- Target
  
  salinewin-safety.exe
- Size
  
  245KB
- MD5
  
  601283c004aa6e4bcebfb6e844eb653c
- SHA1
  
  9c3dde5abd1056497f03f5ae5a3dc6ffed1028cf
- SHA256
  
  279a19315055e93a80c558bf9d9a7c8b4aba8fc8f8f3e812df8619e959abbcae
- SHA512
  
  feeaebc7c097c724f0cea539729729a7512eb0c75c45b7395cd1d7b3ab643f11fb8b941373b30b12d14b837ff53793fdf49fd70f524c9f6391285d62cf4a7c06
- SSDEEP
  
  3072:0Rz5n9Sae432oSLsMT3myjTvoTboVEBZP5pHQpYR95WPNp1wH:0T64a74LZPPHQpY35WPNpW
Score

1^/10
behavioral1
- Target
  
  salinewin.exe
- Size
  
  283KB
- MD5
  
  2b1e9226d7e1015552a21faca891ec41
- SHA1
  
  f87fcbe10fa9312048214d4473498ad4f9f331ce
- SHA256
  
  7163fefbf2f865ef78a2d3d4480532fffb979300d6f0a77b6f3fc5c4b0d2cada
- SHA512
  
  1852f6d05c9fca962178bc190bc8c90f0ca54ea99714480690f44417e49eee6c392579091ae8a6cd053ec47ad1980dbbbc0db3e0e00520ee1bdbadbf8dc9d69e
- SSDEEP
  
  3072:HZVUJ58IAelkapH3shY6iEwgaBZP5pHQpYR95WPNpNMl3:nUJ5PzB5ZPPHQpY35WPNpGl3
Score

8^/10

bootkit evasion persistence
- Disables Task Manager via registry modification
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bootkitevasionpersistence