General

  • Target: MBR_OVERWRITER_SOURCE_CODE.zip
  • Size: 1.2MB
  • Sample: 240620-seflzaxgpk
  • MD5: 960172ea8cf0196a4faa9be14e4cda24
  • SHA1: e0ef6319d2a0fe1963df12c2c23af3aaa468af78
  • SHA256: ec74af7c4f79fa4449f3acc8fbe0cf245eb70bee9d6d9458ab4f59ed18b3d18a
  • SHA512: f3bae2d783fb6b41934cf3449849f2dd98877c195500011034df290595fb1068a4393d764e91c8af0b29902dfc2566be638c4ea47abd69dc3ecabc016d36a4dc
  • SSDEEP: 24576:bVy8PKbPHgUGN1fP5nPfLaPNv0Yg3opIPumsgCNB5EfROa64CaNA0n:bV/PKrHgUGvfpLwd0Yg3oKPumshBD7LA

Malware Config

Targets

    • Target: MbrOverwriter/MbrOverwriter/Class1.cs
    • Size: 4KB
    • MD5: 9ce870d57014802e6ee9c4ca6b2b9475
    • SHA1: 878d58e565cc75c633d1e03037db878acb63b395
    • SHA256: 6d9394b382c7cf20ad75220ed5953cede768f58100e62ada1f26f91b68ac7188
    • SHA512: 4c448e838027c167b47f12153046306907d316df7d414ff106db0a96436e90c656c54c43d2d23006344fc04c5a5852b113cc53a6a2c0f900ff1b0b9f661c33d6
    • SSDEEP: 48:Jo4h2n1G5VHvKkpPACsulI49SkN8JLR0sEDY5QVPMR6bGtkThKOCqrFsxakTyO8p:Jo4h2n1GPACVnZ8JVcY5Q6A1WIkTYqC
    • Score: 3/10

    • Target: MbrOverwriter/MbrOverwriter/bin/Debug/MbrOverwriter.exe
    • Size: 9KB
    • MD5: 45470bead60cc025c08e6960370122a6
    • SHA1: 64a972bcf642d84810289995be6eaca730fd1d29
    • SHA256: ca34d8cd18d6615329bebb0730156ea48651c5c04c77773affa473e36c97d543
    • SHA512: 839fdcfcc4cec710618f608c8e67ddfeb981054245d1ac491e82c82e4f96a40b648e42ebd2c49034ec5e1b0702e5017372e9939d2e4c37646059780c5dfa0f77
    • SSDEEP: 96:V0/VXlYmOKG9Dc1kcL0Bt3jMs3073WNtW1jYcFKNVcz1W4oKYlLya:I3zOKmDzS0BdE78stYcFwVc03KY
    • Score: 6/10
    • Writes to the Master Boot Record (MBR)
      Bootkits write to the MBR to gain persistence at a level below the operating system.


    • Target: MbrOverwriter/MbrOverwriter/obj/Debug/MbrOverwriter.exe
    • Size: 9KB
    • MD5: 45470bead60cc025c08e6960370122a6
    • SHA1: 64a972bcf642d84810289995be6eaca730fd1d29
    • SHA256: ca34d8cd18d6615329bebb0730156ea48651c5c04c77773affa473e36c97d543
    • SHA512: 839fdcfcc4cec710618f608c8e67ddfeb981054245d1ac491e82c82e4f96a40b648e42ebd2c49034ec5e1b0702e5017372e9939d2e4c37646059780c5dfa0f77
    • SSDEEP: 96:V0/VXlYmOKG9Dc1kcL0Bt3jMs3073WNtW1jYcFKNVcz1W4oKYlLya:I3zOKmDzS0BdE78stYcFwVc03KY
    • Score: 6/10
    • Writes to the Master Boot Record (MBR)
      Bootkits write to the MBR to gain persistence at a level below the operating system.


    • Target: NASM/Uninstall.exe
    • Size: 99KB
    • MD5: 09b1562b21bc7cf62ef66a94329956f0
    • SHA1: 27b5d096e08919d0db9fea4c27dd5e5cdd7f078d
    • SHA256: 627686bb23bd8eae44b3daf4b8d24b6461b6a00113ad6e5f37705507bc35c68c
    • SHA512: 777b7bbdf55d51f41596376cd1bfabf0b6941c6e80ed39849b4a4f16704db347f4846107a15da7d03d7777326076e8d401f4a926314f141ac7626f973220fc2b
    • SSDEEP: 1536:YQi5p5BkhcftDs5iWybSLhH/NAxTWCbL7G5feDLKktLAMAFDM8MDPBlQx:hiN6cFQsW08eTWkL7G5fHOxANM8IPBmx
    • Score: 7/10
    • Executes dropped EXE
    • Loads dropped DLL


    • Target: $PLUGINSDIR/System.dll
    • Size: 27KB
    • MD5: 749e3f0bb4233e5be530487fbd85d06c
    • SHA1: fbff07bc5569340266ad43be65b10da7392d679f
    • SHA256: edd2e9f1faa7a3f0d730043717ed1682fc0fef885e87baf90e38323b834191c3
    • SHA512: 49717293b7eaf5bbdc1e8024c1f675e682f45f6984854f88f707ef5fcbb6b4cefea41f37a03b1f2bb52ca5d8d8a9afca3ccb7a1d15e13736755f6e7c47064359
    • SSDEEP: 384:ih3s45XPkwUnMKxgZZr0xfqqPPzeT7DVkkVJWOWsvYkv+H6vgqR64BMrJxjZUJJt:GXcLMRZefqqPWVktSvtlU4UJxNot
    • Score: 3/10

    • Target: $PLUGINSDIR/UserInfo.dll
    • Size: 6KB
    • MD5: 7f4fb127a29aefeaa092b79485a53bba
    • SHA1: 135791bf1c755b57de1fe4706757d2cc4269cf73
    • SHA256: 7f145bce1fdf6697af2bae4680bbff48cd709fc257f461c2808ee6413b19aa11
    • SHA512: bacd6276f6f7aa03569c3bbb50d2ce3a5cc4747dbe6a35b2aab30dd020c514cf660af87945ffc2ed06f06caab8010205b86ee1e29b17e847ccdf03795717b91e
    • SSDEEP: 96:McN6/rkYGGvRTjyD7uRkNBQhX5JP0T5+x+weY:iYYG5D7YkvQhT8T5sheY
    • Score: 3/10

    • Target: NASM/ldrdf.exe
    • Size: 99KB
    • MD5: 764680ed3d33fb2a59e80be5b1963622
    • SHA1: 6915c5a1234e4bb7f54969dbd2367b2edc72906c
    • SHA256: 5bd533af2f8a0f9e91654cbb6210c26d833356d927ad6f8d4ebb6309cd690f6d
    • SHA512: 7be7e0cf27082debda11231120ed436107978a036390ffd01d27ed8a5628e7d8e45f331ee7924ddaa977f9bed9391a0965feb0a72862baafd06412a928ced937
    • SSDEEP: 768:mgts21tPvK/tDHPdkU/5YE8k/kapkxIR4A2:fs21RClDv1xYJksaGxo4
    • Score: 1/10

    • Target: NASM/nasm.exe
    • Size: 1.2MB
    • MD5: 2f17bab79b9e5caa79c4f493a18fb06c
    • SHA1: f3eb8a09529b82fc08e919517e098644ddc01004
    • SHA256: a4735165141570d966b577d594c0541c29baed4978078c1c7237b855f8592a87
    • SHA512: 37c62999e11f3a44c02bad2ad9941213c0264312f228de32466818ec84d745312f941f4adf6e4bf3f49d5d91e8df56dbf39b7966ed8d4b214b484c93635ca154
    • SSDEEP: 24576:2zYx3PgYWwocek/r2+AAYNh3tBULAkS7Le:2koA/qhlL3rmzS7
    • Score: 1/10

    • Target: NASM/nasmdoc.pdf
    • Size: 1.1MB
    • MD5: 3d0fd480f6c1df517d85e2182ee6f341
    • SHA1: 4183633c5b620969dd2da351f3a6f31fe4eea892
    • SHA256: f3ae592cf3e2cd0b98320d21f81429f4a44ed3d0a4bd9783c984467f9c7658c6
    • SHA512: e4a132cdb22510fd31636d3822ce41abcfce5e8d1d571b97f208c2bc9108dd36028c7cd2654be0e6b90ad7130a1dda55c72ffed52348105d8074de124e16521d
    • SSDEEP: 24576:K/uLCBCEif88hW0HgW0Lh6NJvV7fEsFp/Ar1+idjQa0L1/jB:Kmm9i08hl
    • Score: 1/10

    • Target: NASM/nasmpath.bat
    • Size: 65B
    • MD5: e89f1fa50d32c3660712508337c02fd8
    • SHA1: abfa38b9230cdceea90fafc1bd9d3d63374d5aaa
    • SHA256: d472b26b7cc14eafafbc9d7afbf6d33f859529f911eba9ebcc165a0067826d1d
    • SHA512: f128f13e5a6a3c6ed3159cc9ef7ae39b86ef70969a721a58bc648f1791b01950da7f760b03f962caceb5e45c68d1de91318acc8d2efd8e94db9f16cffe4feefa
    • Score: 1/10

    • Target: NASM/ndisasm.exe
    • Size: 695KB
    • MD5: 2e6b9c1add66c8a19cebc16e09c3d1bd
    • SHA1: 8cea1243d7a231679f5afee32da82934d721138d
    • SHA256: e78675ef0edb8ec90bdf6d5b2fa7c63cf9a5e7f5c0b2d5f966f08c261cd8ca10
    • SHA512: 75e96a5248475c8565f980bb58ce340ace39b6db44a020a8666e3501f190911f6d1ff8ec9e9ee6f3abadeb82131e15722b626ec6e4139b62d69e4ee07516b469
    • SSDEEP: 6144:5ycm6CT3caH0ledsTok3dKKKKKKvfmDf18ECpq1:5ycKH0ledDEdKKKKKKEWpq1
    • Score: 1/10

    • Target: NASM/rdf2bin.exe
    • Size: 90KB
    • MD5: dbfac314e9ef6d2968c90b28b97fd0b5
    • SHA1: 37f33c70804a9824de34278ef85ab226f4e8d029
    • SHA256: 1ec1dac43dcd30bd5f4ac05276f240524511aef1ece5541e0489b8f9148930ba
    • SHA512: 55e4dd3d6c38330f1d2038fbed9400f10d99020ff4d7d92eac33cd7f3406092d4aa55feec9c5e867e955d42e9b19de6cc3ff21d479741a8c3e3f4830e8129f37
    • SSDEEP: 384:QVnWAB11ZJ2oenBPwXzW2XiDnT/r3P7tpnrwn7hRhLhuf7I1l8NAjwHnEDdp8B3:cDjYnnBYXuDnT/r3P7Xnrw7yf7I0x4w
    • Score: 1/10

    • Target: NASM/rdf2com.exe
    • Size: 90KB
    • MD5: dbfac314e9ef6d2968c90b28b97fd0b5
    • SHA1: 37f33c70804a9824de34278ef85ab226f4e8d029
    • SHA256: 1ec1dac43dcd30bd5f4ac05276f240524511aef1ece5541e0489b8f9148930ba
    • SHA512: 55e4dd3d6c38330f1d2038fbed9400f10d99020ff4d7d92eac33cd7f3406092d4aa55feec9c5e867e955d42e9b19de6cc3ff21d479741a8c3e3f4830e8129f37
    • SSDEEP: 384:QVnWAB11ZJ2oenBPwXzW2XiDnT/r3P7tpnrwn7hRhLhuf7I1l8NAjwHnEDdp8B3:cDjYnnBYXuDnT/r3P7Xnrw7yf7I0x4w
    • Score: 1/10

    • Target: NASM/rdf2ihx.exe
    • Size: 90KB
    • MD5: dbfac314e9ef6d2968c90b28b97fd0b5
    • SHA1: 37f33c70804a9824de34278ef85ab226f4e8d029
    • SHA256: 1ec1dac43dcd30bd5f4ac05276f240524511aef1ece5541e0489b8f9148930ba
    • SHA512: 55e4dd3d6c38330f1d2038fbed9400f10d99020ff4d7d92eac33cd7f3406092d4aa55feec9c5e867e955d42e9b19de6cc3ff21d479741a8c3e3f4830e8129f37
    • SSDEEP: 384:QVnWAB11ZJ2oenBPwXzW2XiDnT/r3P7tpnrwn7hRhLhuf7I1l8NAjwHnEDdp8B3:cDjYnnBYXuDnT/r3P7Xnrw7yf7I0x4w
    • Score: 1/10

    • Target: NASM/rdf2ith.exe
    • Size: 90KB
    • MD5: dbfac314e9ef6d2968c90b28b97fd0b5
    • SHA1: 37f33c70804a9824de34278ef85ab226f4e8d029
    • SHA256: 1ec1dac43dcd30bd5f4ac05276f240524511aef1ece5541e0489b8f9148930ba
    • SHA512: 55e4dd3d6c38330f1d2038fbed9400f10d99020ff4d7d92eac33cd7f3406092d4aa55feec9c5e867e955d42e9b19de6cc3ff21d479741a8c3e3f4830e8129f37
    • SSDEEP: 384:QVnWAB11ZJ2oenBPwXzW2XiDnT/r3P7tpnrwn7hRhLhuf7I1l8NAjwHnEDdp8B3:cDjYnnBYXuDnT/r3P7Xnrw7yf7I0x4w
    • Score: 1/10

    • Target: NASM/rdf2srec.exe
    • Size: 90KB
    • MD5: dbfac314e9ef6d2968c90b28b97fd0b5
    • SHA1: 37f33c70804a9824de34278ef85ab226f4e8d029
    • SHA256: 1ec1dac43dcd30bd5f4ac05276f240524511aef1ece5541e0489b8f9148930ba
    • SHA512: 55e4dd3d6c38330f1d2038fbed9400f10d99020ff4d7d92eac33cd7f3406092d4aa55feec9c5e867e955d42e9b19de6cc3ff21d479741a8c3e3f4830e8129f37
    • SSDEEP: 384:QVnWAB11ZJ2oenBPwXzW2XiDnT/r3P7tpnrwn7hRhLhuf7I1l8NAjwHnEDdp8B3:cDjYnnBYXuDnT/r3P7Xnrw7yf7I0x4w
    • Score: 1/10

    • Target: NASM/rdfdump.exe
    • Size: 19KB
    • MD5: c467f7bba048d179530fae7eab01ed9f
    • SHA1: cd12d5fffadb288e3a5c51f06a7ac4436721eead
    • SHA256: 989b811fe5243127844ff3977e0f3cb40b1df317d32379d499f4260b5eee70bf
    • SHA512: 7a12449c2d8408d8229cf20ec48a5ba346ca64cff9bb0dd02997a4917584ab67207cf01c7a19c78322d4bc47fdf72df630a2cf497ddc4062635a2155a9b3d0e6
    • SSDEEP: 384:t0CaizPq7/i2w2yg7zSzIpBXUUz5eYblaQdWEDdp+TC3:8M4K2B7HpJvdW4AC
    • Score: 1/10

    • Target: NASM/rdflib.exe
    • Size: 16KB
    • MD5: 9265961b989f3d1e73496ee1164a7957
    • SHA1: 7b3481db6ba5f2a5e3091a94498a9a3f887c0031
    • SHA256: a9e8533b6df6bcfddfa82a34a944efb1f3b1ac2c3d520d9a0dcde3c62ce566b6
    • SHA512: 49f2884184f4160ad0627142148db4e1092b0cd39c189ceae6c054dbe4e240bd609a06561d7db6aff37fa235943de0a25ea3396c93b616c04bc259870527a7ce
    • SSDEEP: 384:J9JH/3/Q+Xiqw202hk7NQP1DluEDdpgTQ3:F//n+2bk74WQ
    • Score: 1/10

MITRE ATT&CK Enterprise v15