2221276e667db7e2603f57079dd428ed6cfe8d40ccb5e9d8df78b966e7a9d532 | Triage

Sharing

General

Target

2221276e667db7e2603f57079dd428ed6cfe8d40ccb5e9d8df78b966e7a9d532
Size

219KB
Sample

240612-q7zt7s1crm
MD5

df5f5189b5ad2dbe381c497e2014cff5
SHA1

6186f4ebdbb0089108ead978e3eb7d48b36b83e2
SHA256

2221276e667db7e2603f57079dd428ed6cfe8d40ccb5e9d8df78b966e7a9d532
SHA512

38323e075be56e3df22fb63bdfdd5fa4559b4f61fcdae0380c7857fe3701635e6462ace533e4e079444180732e0180f9104771ca1b5408573077db637f222b6d
SSDEEP

6144:20KgGwHqwOOELha+sm2D2+UhngN2K4Zpk:20KgGXFhazmdVgoK4ZC

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  2221276e667db7e2603f57079dd428ed6cfe8d40ccb5e9d8df78b966e7a9d532
- Size
  
  219KB
- MD5
  
  df5f5189b5ad2dbe381c497e2014cff5
- SHA1
  
  6186f4ebdbb0089108ead978e3eb7d48b36b83e2
- SHA256
  
  2221276e667db7e2603f57079dd428ed6cfe8d40ccb5e9d8df78b966e7a9d532
- SHA512
  
  38323e075be56e3df22fb63bdfdd5fa4559b4f61fcdae0380c7857fe3701635e6462ace533e4e079444180732e0180f9104771ca1b5408573077db637f222b6d
- SSDEEP
  
  6144:20KgGwHqwOOELha+sm2D2+UhngN2K4Zpk:20KgGXFhazmdVgoK4ZC
Score

8^/10

bootkit persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence