ccf328589b56f0052d7aaab2da14b9a488559a86cc6907acac0fdc468e62931a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ccf328589b56f0052d7aaab2da14b9a488559a86cc6907acac0fdc468e62931a
Size

2.3MB
Sample

240529-hc1h9aed55
MD5

5aafd9fe0bb6f9199a5986707f3a09a8
SHA1

32d3a76c5fc0f0224d2f3051c72e8abdbeccac1b
SHA256

ccf328589b56f0052d7aaab2da14b9a488559a86cc6907acac0fdc468e62931a
SHA512

007e3cd0b9eb83aa8dd8fbbb72fdf1eca552660ac616558218eb63617ef08e3bf170b6c4031f3625c167eccc7fcf8949da5eefed77371cc289c83354661f59d7
SSDEEP

49152:K7Z4R+XwXLR2R79dXTDvtS+fzZtTu66NvTYKEiT2vv/eK:RR17QR7/nvtLZtO9UYc2K

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  ccf328589b56f0052d7aaab2da14b9a488559a86cc6907acac0fdc468e62931a
- Size
  
  2.3MB
- MD5
  
  5aafd9fe0bb6f9199a5986707f3a09a8
- SHA1
  
  32d3a76c5fc0f0224d2f3051c72e8abdbeccac1b
- SHA256
  
  ccf328589b56f0052d7aaab2da14b9a488559a86cc6907acac0fdc468e62931a
- SHA512
  
  007e3cd0b9eb83aa8dd8fbbb72fdf1eca552660ac616558218eb63617ef08e3bf170b6c4031f3625c167eccc7fcf8949da5eefed77371cc289c83354661f59d7
- SSDEEP
  
  49152:K7Z4R+XwXLR2R79dXTDvtS+fzZtTu66NvTYKEiT2vv/eK:RR17QR7/nvtLZtO9UYc2K
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2