1addf878ad6d3cf7ff90db1905ae5ac89603b0a77959faedcd1f6a90862ac16f | Triage

Sharing

General

Target

1addf878ad6d3cf7ff90db1905ae5ac89603b0a77959faedcd1f6a90862ac16f
Size

4.8MB
Sample

240901-aqtc4atgnn
MD5

bc033b32916fe3bb5decfca884b08dfe
SHA1

134b484087450a5d1d23a9deee3f0cddcc19dfa9
SHA256

1addf878ad6d3cf7ff90db1905ae5ac89603b0a77959faedcd1f6a90862ac16f
SHA512

41d420b03d150455f4194bc474b2f57ffe5bc53e627ee87a9b2c2137bbacfe2a9ff34f4f6142dbe9377118e1434c7984f490272bc0e08ef8dc6e3359bba88358
SSDEEP

98304:cVeM4VwHuokyfK8PGcx2HynIiprw0F80XZeGG:6AVw6kx2SnIe84eGG

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  1addf878ad6d3cf7ff90db1905ae5ac89603b0a77959faedcd1f6a90862ac16f
- Size
  
  4.8MB
- MD5
  
  bc033b32916fe3bb5decfca884b08dfe
- SHA1
  
  134b484087450a5d1d23a9deee3f0cddcc19dfa9
- SHA256
  
  1addf878ad6d3cf7ff90db1905ae5ac89603b0a77959faedcd1f6a90862ac16f
- SHA512
  
  41d420b03d150455f4194bc474b2f57ffe5bc53e627ee87a9b2c2137bbacfe2a9ff34f4f6142dbe9377118e1434c7984f490272bc0e08ef8dc6e3359bba88358
- SSDEEP
  
  98304:cVeM4VwHuokyfK8PGcx2HynIiprw0F80XZeGG:6AVw6kx2SnIe84eGG
Score

7^/10

bootkit discovery persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence