7bff585baeb946991d50d5ca92701d2759e0be8abf5ef945b06544964a2c3d70 | Triage

Sharing

General

Target

7bff585baeb946991d50d5ca92701d2759e0be8abf5ef945b06544964a2c3d70
Size

2.3MB
Sample

240809-yv16haxekq
MD5

1bc1d1ef30250b9716a4975271b93154
SHA1

820bb3102bfe232d8270d0214912568ebdf64b49
SHA256

7bff585baeb946991d50d5ca92701d2759e0be8abf5ef945b06544964a2c3d70
SHA512

700f974b5ba452ffff36818cc294aa4f60865bafae31987214a1ef3ecbcddabc43cc89d44de2a71ae930ea680af02814a47e3e9626584a9a5eaee57e452ca972
SSDEEP

49152:EySrGORAQcP4sK2JXaz2iAdo/cNatLbhhZoSdJHcZ2IxzT:5SrLlce2ZazSoENobhhnFTIB

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  7bff585baeb946991d50d5ca92701d2759e0be8abf5ef945b06544964a2c3d70
- Size
  
  2.3MB
- MD5
  
  1bc1d1ef30250b9716a4975271b93154
- SHA1
  
  820bb3102bfe232d8270d0214912568ebdf64b49
- SHA256
  
  7bff585baeb946991d50d5ca92701d2759e0be8abf5ef945b06544964a2c3d70
- SHA512
  
  700f974b5ba452ffff36818cc294aa4f60865bafae31987214a1ef3ecbcddabc43cc89d44de2a71ae930ea680af02814a47e3e9626584a9a5eaee57e452ca972
- SSDEEP
  
  49152:EySrGORAQcP4sK2JXaz2iAdo/cNatLbhhZoSdJHcZ2IxzT:5SrLlce2ZazSoENobhhnFTIB
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2