aba2aeaab544d7536f9b35fc39dd4f0e546a385a0e94a37bf9b0bb98019caa98 | Triage

Sharing

General

Target

aba2aeaab544d7536f9b35fc39dd4f0e546a385a0e94a37bf9b0bb98019caa98
Size

2.3MB
Sample

240825-3fz24s1fnh
MD5

347493fb63f169a7cb91002cde2e34bf
SHA1

0a546ef058bc9b234a9d8f512cec87ea18280c12
SHA256

aba2aeaab544d7536f9b35fc39dd4f0e546a385a0e94a37bf9b0bb98019caa98
SHA512

dc859a225bec0e1b5aa610ade158a3863b3f497dbaae546dc7e54352786c80a5921b5e797bbbdfc0b8d5e091999cef688033c5fda7051d340ad5bed07af660a3
SSDEEP

49152:EySrGORAQcP4sK2JXaz2iAdo/cNatLbhhZoSdJHcZ2IxzU:5SrLlce2ZazSoENobhhnFTIm

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  aba2aeaab544d7536f9b35fc39dd4f0e546a385a0e94a37bf9b0bb98019caa98
- Size
  
  2.3MB
- MD5
  
  347493fb63f169a7cb91002cde2e34bf
- SHA1
  
  0a546ef058bc9b234a9d8f512cec87ea18280c12
- SHA256
  
  aba2aeaab544d7536f9b35fc39dd4f0e546a385a0e94a37bf9b0bb98019caa98
- SHA512
  
  dc859a225bec0e1b5aa610ade158a3863b3f497dbaae546dc7e54352786c80a5921b5e797bbbdfc0b8d5e091999cef688033c5fda7051d340ad5bed07af660a3
- SSDEEP
  
  49152:EySrGORAQcP4sK2JXaz2iAdo/cNatLbhhZoSdJHcZ2IxzU:5SrLlce2ZazSoENobhhnFTIm
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2