General

  • Target

    808de6dc9229bd5402dfb6d195ec49bd3ee96e21c0719b26218ccf21b95842a1

  • Size

    5.2MB

  • Sample

    240612-r6wa3asfql

  • MD5

    19b9f0afda81c5fffc5ba0eb03b64da7

  • SHA1

    60e550001bd9d6fd199ba6268e21150b70a93ab5

  • SHA256

    808de6dc9229bd5402dfb6d195ec49bd3ee96e21c0719b26218ccf21b95842a1

  • SHA512

    bb6923c81db1dc87b99ccbb2a40ae10086de3ce0c0772279859e6e6fc27ca3f081d46fed74bd08fea27cdb381bde7ae230e4f5a26ce3786953f7900b55f4f2b1

  • SSDEEP

    98304:IXWL95fDNHhWVYIRLns5R5rhRNb0cE+SA8tNmef9ycNBg8RCkR5:IXWLNBWaIlnWHRWcfbQAIxf9IK

Malware Config

Targets

    • Target

      808de6dc9229bd5402dfb6d195ec49bd3ee96e21c0719b26218ccf21b95842a1

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
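The "Writes to the Master Boot Record (MBR)" signature is the one indicator on this page that can be confirmed outside the sandbox: read sector 0 of the boot disk and compare it with a baseline captured before infection. The check below is an added example, not code from the report or from the sample. It parses the 512-byte sector (440 bytes of boot code, the 4-byte disk signature, four 16-byte partition entries, the 0x55AA boot signature), reports which region changed, and ships with two constructed sector images so it runs offline; the device path in read_mbr_sector() is an assumption about where to read on a live Windows host.

```python
"""Integrity check for a raw 512-byte MBR sector (ATT&CK T1542.003).

Added example; not code from the report or the sample. CLEAN_MBR and
TAMPERED_MBR are constructed images, and the device path used by
read_mbr_sector() is an assumption for a live Windows host.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439: bootstrap code
DISK_SIG_OFF = 440             # bytes 440..443: NT disk signature
TABLE_OFF = 446                # bytes 446..509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511
_ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash, signature state and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        off = TABLE_OFF + 16 * i
        status, _, ptype, _, lba_start, count = _ENTRY.unpack(sector[off:off + 16])
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": count,
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def compare_mbr(baseline: bytes, current: bytes) -> list[str]:
    """List which regions of the current sector differ from a trusted baseline."""
    findings = []
    if current[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature missing")
    if current[:BOOT_CODE_LEN] != baseline[:BOOT_CODE_LEN]:
        findings.append("boot code changed")
    if current[DISK_SIG_OFF:DISK_SIG_OFF + 4] != baseline[DISK_SIG_OFF:DISK_SIG_OFF + 4]:
        findings.append("disk signature changed")
    if current[TABLE_OFF:510] != baseline[TABLE_OFF:510]:
        findings.append("partition table changed")
    return findings


def read_mbr_sector(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a physical disk (assumed Windows path; needs administrator rights)."""
    with open(device, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Assemble a constructed MBR with one bootable NTFS-type partition at LBA 2048."""
    entry = _ENTRY.pack(0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 1048576)
    table = entry + b"\x00" * 48  # three empty slots
    return (boot_code.ljust(BOOT_CODE_LEN, b"\x00")
            + b"\x12\x34\x56\x78"   # disk signature
            + b"\x00\x00"           # reserved
            + table + BOOT_SIGNATURE)


# Constructed sectors: a "known good" image whose code starts with a normal
# stack-setup prologue, and a copy whose first instruction now jumps elsewhere,
# which is the shape of change hooked boot code produces.
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8")
TAMPERED_MBR = b"\xe9\x00\x01" + CLEAN_MBR[3:]

if __name__ == "__main__":
    print(parse_mbr(CLEAN_MBR))
    print(compare_mbr(CLEAN_MBR, TAMPERED_MBR))   # ['boot code changed']
```

On a live host, run compare_mbr(baseline, read_mbr_sector()) as administrator with a baseline saved from a clean image of the same machine; a changed boot code region with an intact partition table is the pattern to treat as a bootkit, since a legitimate repartition touches the table, not the code. On a GPT disk the MBR is only a protective stub, so a boot-level implant would target the EFI System Partition instead and this sector check would not see it.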

MITRE ATT&CK Matrix (ATT&CK v13)

Counts are the number of matched signatures per technique.

Persistence

    • Create or Modify System Process (T1543): 1
        • Windows Service (T1543.003): 1
    • Pre-OS Boot (T1542): 1
        • Bootkit (T1542.003): 1

Privilege Escalation

    • Create or Modify System Process (T1543): 1
        • Windows Service (T1543.003): 1

Defense Evasion

    • Impair Defenses (T1562): 1
        • Disable or Modify System Firewall (T1562.004): 1
    • Pre-OS Boot (T1542): 1
        • Bootkit (T1542.003): 1
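The report records that the sample modifies the Windows Firewall (T1562.004 above) but not how. The detection below is an added example, not code from the report or the sample: it runs a small rule set over process-creation events and tags the usual T1562.004 mechanisms (netsh advfirewall profile changes and rule additions, the legacy netsh firewall syntax, a registry write to FirewallPolicy\...\EnableFirewall, and the NetSecurity PowerShell cmdlets). The events, their field names (pid, image, cmdline) and the command lines are constructed for the example; the sample's own command lines are not on the page.

```python
"""Detection logic for Windows Firewall tampering (ATT&CK T1562.004).

Added example, not from the report or the sample. SAMPLE_EVENTS and the
field names pid/image/cmdline are constructed in the shape of Sysmon event 1
or Security 4688 process-creation records.
"""
import re

TECHNIQUE = "T1562.004"

# Each rule: (label, pattern matched against the process command line).
RULES = [
    ("netsh_profile_disabled",
     re.compile(r"\bnetsh\b.*\badvfirewall\b.*\bset\b.*\bstate\s+off\b", re.I)),
    ("netsh_rule_added",
     re.compile(r"\bnetsh\b.*\badvfirewall\s+firewall\s+add\s+rule\b", re.I)),
    ("netsh_legacy_firewall_changed",
     re.compile(r"\bnetsh\b.*\bfirewall\s+(add|set)\s+(allowedprogram|portopening|opmode)\b", re.I)),
    ("registry_profile_disabled",
     re.compile(r"FirewallPolicy\\(Standard|Domain|Public)Profile.*\bEnableFirewall\b.*/d\s+0\b", re.I)),
    ("powershell_profile_disabled",
     re.compile(r"\bSet-NetFirewallProfile\b.*-Enabled\s+\$?False\b", re.I)),
    ("powershell_rule_added",
     re.compile(r"\bNew-NetFirewallRule\b", re.I)),
]


def classify(cmdline: str) -> list[str]:
    """Return the labels of every rule the command line matches."""
    return [label for label, rx in RULES if rx.search(cmdline)]


def scan(events: list[dict]) -> list[dict]:
    """Tag matching process-creation events with the ATT&CK technique ID."""
    hits = []
    for ev in events:
        labels = classify(ev["cmdline"])
        if labels:
            hits.append({"pid": ev["pid"], "image": ev["image"],
                         "technique": TECHNIQUE, "labels": labels})
    return hits


# Constructed events; the last two are read-only or unrelated and must not alert.
SAMPLE_EVENTS = [
    {"pid": 1204, "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh advfirewall set allprofiles state off"},
    {"pid": 1210, "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": 'netsh advfirewall firewall add rule name="update" dir=in action=allow '
                'program="C:\\ProgramData\\update.exe"'},
    {"pid": 1216, "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r"reg add HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
                r"\FirewallPolicy\StandardProfile /v EnableFirewall /t REG_DWORD /d 0 /f"},
    {"pid": 1222, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -NoProfile -Command Set-NetFirewallProfile "
                "-Profile Domain,Public,Private -Enabled False"},
    {"pid": 1230, "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh advfirewall show allprofiles"},
    {"pid": 1236, "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh interface ip show config"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

Command-line matching catches the common tooling but not a sample that calls the firewall COM/API directly; for that, pair these rules with registry-set events on the FirewallPolicy keys and with the firewall's own rule-change events.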

Tasks