37b8cfd89463f594b8bb4683f4c02c6337ad1344ae312e221b548ae877c4e131 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

37b8cfd89463f594b8bb4683f4c02c6337ad1344ae312e221b548ae877c4e131
Size

8.8MB
Sample

240529-ahcqdabc42
MD5

945d70810070328071a28086a9b6a813
SHA1

e89ddf53b9be80a96d52aa8950dc45c0ddd72792
SHA256

37b8cfd89463f594b8bb4683f4c02c6337ad1344ae312e221b548ae877c4e131
SHA512

e6caa3131be64d79f1e2a0a9cf2c25776f2a73e9f444f54ae6f5d0f869b66845e846741097d5abd7a354ad1373ace5936d14a3f2fe084d5b59c73169e00b0943
SSDEEP

196608:VxCJO8bpmaFdUr8YYx5BcnzvnT2jHy8LSmG/bYr9d/4+:98FmaFsRzfyry8LVG/a4+

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  37b8cfd89463f594b8bb4683f4c02c6337ad1344ae312e221b548ae877c4e131
- Size
  
  8.8MB
- MD5
  
  945d70810070328071a28086a9b6a813
- SHA1
  
  e89ddf53b9be80a96d52aa8950dc45c0ddd72792
- SHA256
  
  37b8cfd89463f594b8bb4683f4c02c6337ad1344ae312e221b548ae877c4e131
- SHA512
  
  e6caa3131be64d79f1e2a0a9cf2c25776f2a73e9f444f54ae6f5d0f869b66845e846741097d5abd7a354ad1373ace5936d14a3f2fe084d5b59c73169e00b0943
- SSDEEP
  
  196608:VxCJO8bpmaFdUr8YYx5BcnzvnT2jHy8LSmG/bYr9d/4+:98FmaFsRzfyry8LVG/a4+
Score

7^/10

bootkit persistence
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence