d8e07b6a5984bec06dc7507fcecb31c7260b9367bd25ae4e9c6598f30d7c93b3 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

Sigma.exe

windows11-21h2-x64

8

Resubmissions

18-08-2024 14:28

240818-rtcces1arj 8

18-08-2024 14:26

240818-rrs76axeqa 8

Sharing

General

Target

Sigma.exe
Size

191KB
Sample

240818-rtcces1arj
MD5

ec8982bb5bc336fe8803c4ce78ca6b3a
SHA1

98d52086cb0fbeacdf6e722ea77553f701506ceb
SHA256

d8e07b6a5984bec06dc7507fcecb31c7260b9367bd25ae4e9c6598f30d7c93b3
SHA512

c312605e5ae560dbb8e8ceb6db164235b115fc85739d46ffc9c19d534cb8f0d6e5800993b301a4bee175d7a8508a4fb39c9e7200efa1c52f5e736ee46d86303e
SSDEEP

3072:MLKminbl12mUtxPE7LnEFOHJozH3qcoaePOX:ZbloV2dnPOX

Score

8^/10

bootkit discovery evasion persistence privilege_escalation

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Sigma.exe

Resource

win11-20240802-en

bootkit discovery evasion persistence privilege_escalation

windows11-21h2-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  Sigma.exe
- Size
  
  191KB
- MD5
  
  ec8982bb5bc336fe8803c4ce78ca6b3a
- SHA1
  
  98d52086cb0fbeacdf6e722ea77553f701506ceb
- SHA256
  
  d8e07b6a5984bec06dc7507fcecb31c7260b9367bd25ae4e9c6598f30d7c93b3
- SHA512
  
  c312605e5ae560dbb8e8ceb6db164235b115fc85739d46ffc9c19d534cb8f0d6e5800993b301a4bee175d7a8508a4fb39c9e7200efa1c52f5e736ee46d86303e
- SSDEEP
  
  3072:MLKminbl12mUtxPE7LnEFOHJozH3qcoaePOX:ZbloV2dnPOX
Score

8^/10

bootkit discovery evasion persistence privilege_escalation
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Accessibility Features

Pre-OS Boot

Bootkit

Privilege Escalation

Event Triggered Execution

Accessibility Features

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Pre-OS Boot

Bootkit

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistenceprivilege_escalation

© 2018-2024

Terms | Privacy