79598a04f1fba4a475535f5693123d3ad884dda098deb64002e3158b3090331c | Triage

Sharing

General

Target

79598a04f1fba4a475535f5693123d3ad884dda098deb64002e3158b3090331c
Size

2.4MB
Sample

240909-tx6rjszfna
MD5

e50ca1b8e0703ed90cef988084d8b0f5
SHA1

9e645af30750e97d24867b0cda97dc9440fe232f
SHA256

79598a04f1fba4a475535f5693123d3ad884dda098deb64002e3158b3090331c
SHA512

c91fee1475024ebb9638f99fade160cc2841a6d1f9586e0f4609040f22955920481671cc0a939b6089325dedd47929328a98074db29ff504b39241ed89cfe608
SSDEEP

49152:JoNgRf9tTkvqHWzKVcBd6o6nt2rK09G4lyo0ZacSiLUswRI/CIJr:J+Qf7cqA0bt2rK09cohiLUbQJJr

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  79598a04f1fba4a475535f5693123d3ad884dda098deb64002e3158b3090331c
- Size
  
  2.4MB
- MD5
  
  e50ca1b8e0703ed90cef988084d8b0f5
- SHA1
  
  9e645af30750e97d24867b0cda97dc9440fe232f
- SHA256
  
  79598a04f1fba4a475535f5693123d3ad884dda098deb64002e3158b3090331c
- SHA512
  
  c91fee1475024ebb9638f99fade160cc2841a6d1f9586e0f4609040f22955920481671cc0a939b6089325dedd47929328a98074db29ff504b39241ed89cfe608
- SSDEEP
  
  49152:JoNgRf9tTkvqHWzKVcBd6o6nt2rK09G4lyo0ZacSiLUswRI/CIJr:J+Qf7cqA0bt2rK09cohiLUbQJJr
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2