763abf4fe0127023cc06897d34cab9f6adaa7748b9d10a7f337243f6bb42ace2 | Triage

Resubmissions

06-07-2024 05:58

240706-gpjktszgjf 3

06-07-2024 05:55

240706-gmt9jszfnf 8

06-07-2024 05:52

240706-gk582azfjd 3

06-07-2024 05:51

240706-gj5k4szepe 6

06-07-2024 05:47

240706-gg54vszekd 3

Sharing

General

Target

python.py
Size

6KB
Sample

240706-gmt9jszfnf
MD5

0d388e3da02496ccf90f607bfa0de9da
SHA1

07859dc7ef0c07459ffc2efb174cf927d8e916e6
SHA256

763abf4fe0127023cc06897d34cab9f6adaa7748b9d10a7f337243f6bb42ace2
SHA512

df1745c41e560cdd3e13df92d5cfd0e4c4d4bb815af461ebd45386f7176a7039fbdec96865b24d9a9fd051dbcf61c21d94ee29a212d4f9361ae297877d1233db
SSDEEP

192:El/tLBOoVaS2fUOm3hguWHzywMxMl9c9v81I1IV8z8pODysN:El/tLBOo4S2foJ+uh81QA8z8AysN

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  python.py
- Size
  
  6KB
- MD5
  
  0d388e3da02496ccf90f607bfa0de9da
- SHA1
  
  07859dc7ef0c07459ffc2efb174cf927d8e916e6
- SHA256
  
  763abf4fe0127023cc06897d34cab9f6adaa7748b9d10a7f337243f6bb42ace2
- SHA512
  
  df1745c41e560cdd3e13df92d5cfd0e4c4d4bb815af461ebd45386f7176a7039fbdec96865b24d9a9fd051dbcf61c21d94ee29a212d4f9361ae297877d1233db
- SSDEEP
  
  192:El/tLBOoVaS2fUOm3hguWHzywMxMl9c9v81I1IV8z8pODysN:El/tLBOo4S2foJ+uh81QA8z8AysN
Score

8^/10

bootkit persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence