8e8e87a0a4051a0b1484cc1e2693ed75ce603b8d832364175b4383c69b34b11d | Triage

Sharing

General

Target

8e8e87a0a4051a0b1484cc1e2693ed75ce603b8d832364175b4383c69b34b11d
Size

6.1MB
Sample

240526-smrzzabf35
MD5

08b1947ca0099c0fc5898f90a407865e
SHA1

a16e3a0d35d75aee36f1509fcb25e2822794e5dc
SHA256

8e8e87a0a4051a0b1484cc1e2693ed75ce603b8d832364175b4383c69b34b11d
SHA512

3f12360c66fd608690a1fb6817a058a92388a7ceac6287688eea85c03e678dfc2022e3b9a5baf9f6cc3e1909d3e50d5d52a26199eb0d61980331a9c5bafb5e6d
SSDEEP

98304:mFZt8YpRx687onbOYjWUINPPK64KOmI59Xe:mFZtBpRx5CbOmmPPK6YmQXe

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  8e8e87a0a4051a0b1484cc1e2693ed75ce603b8d832364175b4383c69b34b11d
- Size
  
  6.1MB
- MD5
  
  08b1947ca0099c0fc5898f90a407865e
- SHA1
  
  a16e3a0d35d75aee36f1509fcb25e2822794e5dc
- SHA256
  
  8e8e87a0a4051a0b1484cc1e2693ed75ce603b8d832364175b4383c69b34b11d
- SHA512
  
  3f12360c66fd608690a1fb6817a058a92388a7ceac6287688eea85c03e678dfc2022e3b9a5baf9f6cc3e1909d3e50d5d52a26199eb0d61980331a9c5bafb5e6d
- SSDEEP
  
  98304:mFZt8YpRx687onbOYjWUINPPK64KOmI59Xe:mFZtBpRx5CbOmmPPK6YmQXe
Score

7^/10

bootkit persistence
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2