9e9f698f02ebf84cec0fc33a46c5922a795d7f403d895b61c00c2fe2d2d26587 | Triage

Sharing

General

Target

9e9f698f02ebf84cec0fc33a46c5922a795d7f403d895b61c00c2fe2d2d26587
Size

4.8MB
Sample

240901-bnjljswhkf
MD5

8e3a3ea5a7546c7b85425ef20945237c
SHA1

fc916f2a457881bb660b2ab2a8a842ec55f02899
SHA256

9e9f698f02ebf84cec0fc33a46c5922a795d7f403d895b61c00c2fe2d2d26587
SHA512

ffdf9856a902f4df849e57a3a18c60413f81fef74eb15fb13ef7b0e760a32b2bd8ac8788e9f9062fa5b4c1b8c12d17d31f05a6b4f02fbc1e05b78589aa504405
SSDEEP

98304:JVeM4VwHuokyfz8PGcx2HynIiprw0F80XZqPp:/AVwDkx2SnIe84qPp

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  9e9f698f02ebf84cec0fc33a46c5922a795d7f403d895b61c00c2fe2d2d26587
- Size
  
  4.8MB
- MD5
  
  8e3a3ea5a7546c7b85425ef20945237c
- SHA1
  
  fc916f2a457881bb660b2ab2a8a842ec55f02899
- SHA256
  
  9e9f698f02ebf84cec0fc33a46c5922a795d7f403d895b61c00c2fe2d2d26587
- SHA512
  
  ffdf9856a902f4df849e57a3a18c60413f81fef74eb15fb13ef7b0e760a32b2bd8ac8788e9f9062fa5b4c1b8c12d17d31f05a6b4f02fbc1e05b78589aa504405
- SSDEEP
  
  98304:JVeM4VwHuokyfz8PGcx2HynIiprw0F80XZqPp:/AVwDkx2SnIe84qPp
Score

7^/10

bootkit discovery persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence