f9369869027c9f4e4315adc42194c6c15d065858e2ac21a570276ea2291fc3bd | Triage

Submit
Reports

Overview

overview

8

Static

static

1

Untitled v...2).mp4

windows11-21h2-x64

Resubmissions

08/08/2024, 19:01

240808-xpcqaaxfqq 8

08/08/2024, 18:59

240808-xna53axfpp 1

Sharing

Copy URL Twitter E-mail

General

Target

Untitled video - Made with Clipchamp (2).mp4
Size

2.0MB
Sample

240808-xpcqaaxfqq
MD5

22c0a0dc4bf831d71561528891cd8548
SHA1

a6c1e3a7d2c4ffe4f23926a7d0389d1b7238c121
SHA256

f9369869027c9f4e4315adc42194c6c15d065858e2ac21a570276ea2291fc3bd
SHA512

646c7bea942238f95a86612e389a819a1df98d349c9c0a2de0123707284a07921a7ff30e80306c2b2386fb7fe426f0372a63d31c6cb4a7cd73a151bdeb0ace6f
SSDEEP

49152:H2VzZ0FNNIHhuJI7toPW8hQSw3HX7oxWU9EQwmt8:MNUNwRoOWQSM3M/ft8

Score

8^/10

bootkit defense_evasion discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

Untitled video - Made with Clipchamp (2).mp4

Resource

win11-20240802-en

bootkit defense_evasion discovery persistence

windows11-21h2-x64

27 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Untitled video - Made with Clipchamp (2).mp4
- Size
  
  2.0MB
- MD5
  
  22c0a0dc4bf831d71561528891cd8548
- SHA1
  
  a6c1e3a7d2c4ffe4f23926a7d0389d1b7238c121
- SHA256
  
  f9369869027c9f4e4315adc42194c6c15d065858e2ac21a570276ea2291fc3bd
- SHA512
  
  646c7bea942238f95a86612e389a819a1df98d349c9c0a2de0123707284a07921a7ff30e80306c2b2386fb7fe426f0372a63d31c6cb4a7cd73a151bdeb0ace6f
- SSDEEP
  
  49152:H2VzZ0FNNIHhuJI7toPW8hQSw3HX7oxWU9EQwmt8:MNUNwRoOWQSM3M/ft8
Score

8^/10

bootkit defense_evasion discovery persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdefense_evasiondiscoverypersistence

© 2018-2025

Terms | Privacy