435d2610aebbdfac613d8cf22749616ac411ad9717aabf91a9291120371add56 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

.html

windows11-21h2-x64

Sharing

General

Target

.
Size

153KB
Sample

240524-szc2ksba67
MD5

a6c90e8009dbb677531398bbe23c75eb
SHA1

af7af53bfc0f4db150857a07fbe237f81b4fd116
SHA256

435d2610aebbdfac613d8cf22749616ac411ad9717aabf91a9291120371add56
SHA512

74914234cb9e96434563714460f98e4a43db200e9aafcd1cfa36914639daf79ce606a951d66f06c373af71d5a4684588732b53e38688f89b4a952f3ab3f54dff
SSDEEP

1536:o7k8bHxYftVkMn1/R4Dillk0zSP30vD9328s4DiHhqiS:8k8ifPnRpllBwIoHhqiS

Score

9^/10

bootkit discovery evasion persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

.html

Resource

win11-20240426-en

bootkit discovery evasion persistence ransomware

windows11-21h2-x64

20 signatures

1800 seconds

Malware Config

Targets

- Target
  
  .
- Size
  
  153KB
- MD5
  
  a6c90e8009dbb677531398bbe23c75eb
- SHA1
  
  af7af53bfc0f4db150857a07fbe237f81b4fd116
- SHA256
  
  435d2610aebbdfac613d8cf22749616ac411ad9717aabf91a9291120371add56
- SHA512
  
  74914234cb9e96434563714460f98e4a43db200e9aafcd1cfa36914639daf79ce606a951d66f06c373af71d5a4684588732b53e38688f89b4a952f3ab3f54dff
- SSDEEP
  
  1536:o7k8bHxYftVkMn1/R4Dillk0zSP30vD9328s4DiHhqiS:8k8ifPnRpllBwIoHhqiS
Score

9^/10

bootkit discovery evasion persistence ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistenceransomware

© 2018-2024

Terms | Privacy