e93194f8a28224fdebac60f8cafbbae1f31f04ac7b9be3bf5d0a04483b61db7c | Triage

Sharing

General

Target

e93194f8a28224fdebac60f8cafbbae1f31f04ac7b9be3bf5d0a04483b61db7c
Size

4.8MB
Sample

240908-areakatelp
MD5

d57b594716a5041282735c4e5dd777bf
SHA1

404d28012407c48ca1af83897fc16d282cf35547
SHA256

e93194f8a28224fdebac60f8cafbbae1f31f04ac7b9be3bf5d0a04483b61db7c
SHA512

24ffcf40c342629ccaff3156e6da703dfd6b0f93989aec088e1f7dae909386e65ce849c286c04bbc64973c12ae9813f829e769aad18106c33173c80ae604b128
SSDEEP

98304:JVeM4VwHuokyfz8PGcx2HynIiprw0F80XZqP4:/AVwDkx2SnIe84qP4

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  e93194f8a28224fdebac60f8cafbbae1f31f04ac7b9be3bf5d0a04483b61db7c
- Size
  
  4.8MB
- MD5
  
  d57b594716a5041282735c4e5dd777bf
- SHA1
  
  404d28012407c48ca1af83897fc16d282cf35547
- SHA256
  
  e93194f8a28224fdebac60f8cafbbae1f31f04ac7b9be3bf5d0a04483b61db7c
- SHA512
  
  24ffcf40c342629ccaff3156e6da703dfd6b0f93989aec088e1f7dae909386e65ce849c286c04bbc64973c12ae9813f829e769aad18106c33173c80ae604b128
- SSDEEP
  
  98304:JVeM4VwHuokyfz8PGcx2HynIiprw0F80XZqP4:/AVwDkx2SnIe84qP4
Score

7^/10

bootkit discovery persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence