a0d744ed6c8f6443b73f1d53e9354e6929c23c40969db33448f3e9d648da19f2 | Triage

Sharing

General

Target

a0d744ed6c8f6443b73f1d53e9354e6929c23c40969db33448f3e9d648da19f2
Size

4.8MB
Sample

240906-rcca4azeqk
MD5

acb47c8c749f6e19985d16543e1c2378
SHA1

4bce8a5ea55c806399d374d5461d4900ce02b1c8
SHA256

a0d744ed6c8f6443b73f1d53e9354e6929c23c40969db33448f3e9d648da19f2
SHA512

7320fa7b710780d2d585e2f8b07cb071c56d84ab06a866e2e25cc2e39170f18cd77cce02dee4cad813bceaa19a02c8eb3316ea2f9652adb301154186e84a200a
SSDEEP

98304:cVeM4VwHuokyfK8PGcx2HynIiprw0F80XZeGA:6AVw6kx2SnIe84eGA

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  a0d744ed6c8f6443b73f1d53e9354e6929c23c40969db33448f3e9d648da19f2
- Size
  
  4.8MB
- MD5
  
  acb47c8c749f6e19985d16543e1c2378
- SHA1
  
  4bce8a5ea55c806399d374d5461d4900ce02b1c8
- SHA256
  
  a0d744ed6c8f6443b73f1d53e9354e6929c23c40969db33448f3e9d648da19f2
- SHA512
  
  7320fa7b710780d2d585e2f8b07cb071c56d84ab06a866e2e25cc2e39170f18cd77cce02dee4cad813bceaa19a02c8eb3316ea2f9652adb301154186e84a200a
- SSDEEP
  
  98304:cVeM4VwHuokyfK8PGcx2HynIiprw0F80XZeGA:6AVw6kx2SnIe84eGA
Score

7^/10

bootkit discovery persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence