6b68f8a3b9f983de2f6e802b1cd4dd237acbee60aafe171135a1b8afeeae554e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

XDR_ResponseApp_CollectFile_RM-20240829-00001_9d74a434-c4af-4c9e-8c9e-5453ca60a64c_20240829T093949Z.7z
Size

174.1MB
Sample

240829-l11eyaxfpn
MD5

6fc896b0955b2cf431d6c228834cd2e6
SHA1

09c0d17b7d07b368a71ba1fdaebb327615f6d8b3
SHA256

6b68f8a3b9f983de2f6e802b1cd4dd237acbee60aafe171135a1b8afeeae554e
SHA512

bc48c536114ade4c3e0a6aae419566c8f6e90a80b34b39e1faf01deff35303d7b7930980e92a44d48f5226c84c7a761c9b612c91ab387ce4e42d5e0b9f373729
SSDEEP

3145728:B/SSb9SQe4FoNP9XLFvbmsIZEyiEfFAbmFjkH7PF9vsnH9yoRc0ghZ0PzZrJBvE:MSbUQ8/bFTms7mFj2FZmH9pjghZuZ8

Score

6^/10

bootkit discovery execution persistence

Malware Config

Targets

- Target
  
  sp151723.exe
- Size
  
  172.9MB
- MD5
  
  1fadbf85c82ce97a19b46830e4610cda
- SHA1
  
  cd675ff8f697da21f5f26781f16fa3eb59dce0e5
- SHA256
  
  9207853dcbe6efbcd2be7bf1e150438367efec3673a828b1a8a7b6e4d3aa935b
- SHA512
  
  4645d5d7d5752a7a852523bd00fddf6c6c92c8b2affe36138aeab181627322c9fcc6df65429a8a147a13e7a1d2b733d019a919b0a00b64840060e5d6017d0204
- SSDEEP
  
  3145728:BClmmqx+yEhvOhu2GJduVmn8w9flRJOJqHNtaYwq9rUbYrfNhFWKBrO3rHWV7JVw:UlDqx+2mdfNxLJOJ6aYwqKbYrd9Oalfw
Score

6^/10

bootkit discovery execution persistence
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoveryexecutionpersistence