Overview

overview

8

Static

static

3

salinewin.exe

windows11-21h2-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    salinewin.exe

  • Size

    283KB

  • Sample

    240727-fjjszaydjn

  • MD5

    2b1e9226d7e1015552a21faca891ec41

  • SHA1

    f87fcbe10fa9312048214d4473498ad4f9f331ce

  • SHA256

    7163fefbf2f865ef78a2d3d4480532fffb979300d6f0a77b6f3fc5c4b0d2cada

  • SHA512

    1852f6d05c9fca962178bc190bc8c90f0ca54ea99714480690f44417e49eee6c392579091ae8a6cd053ec47ad1980dbbbc0db3e0e00520ee1bdbadbf8dc9d69e

  • SSDEEP

    3072:HZVUJ58IAelkapH3shY6iEwgaBZP5pHQpYR95WPNpNMl3:nUJ5PzB5ZPPHQpY35WPNpGl3

Score
8/10
bootkitdiscoveryevasionpersistence

Malware Config

Targets

    • Target

      salinewin.exe

    • Size

      283KB

    • MD5

      2b1e9226d7e1015552a21faca891ec41

    • SHA1

      f87fcbe10fa9312048214d4473498ad4f9f331ce

    • SHA256

      7163fefbf2f865ef78a2d3d4480532fffb979300d6f0a77b6f3fc5c4b0d2cada

    • SHA512

      1852f6d05c9fca962178bc190bc8c90f0ca54ea99714480690f44417e49eee6c392579091ae8a6cd053ec47ad1980dbbbc0db3e0e00520ee1bdbadbf8dc9d69e

    • SSDEEP

      3072:HZVUJ58IAelkapH3shY6iEwgaBZP5pHQpYR95WPNpNMl3:nUJ5PzB5ZPPHQpY35WPNpGl3

    Score
    8/10
    bootkitdiscoveryevasionpersistence

    • Disables Task Manager via registry modification

      evasion

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Modify Registry

1
T1112

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks