0ad4d816c1d0c42369d56b7580dc3398703ecb105ca436a6246794c7029efa3d | Triage

Sharing

General

Target

0ad4d816c1d0c42369d56b7580dc3398703ecb105ca436a6246794c7029efa3d
Size

2.4MB
Sample

240525-vqak7sbe2z
MD5

357178c2aea68353a220957e1f5aa73a
SHA1

ee3673c7e77cef10e122c39b4997cd247d443605
SHA256

0ad4d816c1d0c42369d56b7580dc3398703ecb105ca436a6246794c7029efa3d
SHA512

002b5b1a1d1cef983c0f7e475b52461fa5d33ceb18023a2aa91f7f684cd7dfe5a4ffe3c3f0982f113c4480ed7d28d07082260df3ac4e8be8ed66ed86897e5e87
SSDEEP

49152:JoNgRf9tTkvqHWzKVcBd6o6nt2rK09G4lyo0ZacSiLUswRI/CIJ4:J+Qf7cqA0bt2rK09cohiLUbQJJ4

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  0ad4d816c1d0c42369d56b7580dc3398703ecb105ca436a6246794c7029efa3d
- Size
  
  2.4MB
- MD5
  
  357178c2aea68353a220957e1f5aa73a
- SHA1
  
  ee3673c7e77cef10e122c39b4997cd247d443605
- SHA256
  
  0ad4d816c1d0c42369d56b7580dc3398703ecb105ca436a6246794c7029efa3d
- SHA512
  
  002b5b1a1d1cef983c0f7e475b52461fa5d33ceb18023a2aa91f7f684cd7dfe5a4ffe3c3f0982f113c4480ed7d28d07082260df3ac4e8be8ed66ed86897e5e87
- SSDEEP
  
  49152:JoNgRf9tTkvqHWzKVcBd6o6nt2rK09G4lyo0ZacSiLUswRI/CIJ4:J+Qf7cqA0bt2rK09cohiLUbQJJ4
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2