ffac6c49d9ce31931ef00a413c3ec7c467487c227076e0215d3ee3ae403d0e4c | Triage

Sharing

General

Target

2024-09-11_26aa3e537f217f30c5eabf3c35b20dec_magniber
Size

4.8MB
Sample

240911-zwwsvatbpf
MD5

26aa3e537f217f30c5eabf3c35b20dec
SHA1

b6aef0f10820a30345c6908181a139dd3e9a7b37
SHA256

ffac6c49d9ce31931ef00a413c3ec7c467487c227076e0215d3ee3ae403d0e4c
SHA512

24f39583e8b31a94e2ef04d3903d0a3962f35fa5b248d22da09e45696cfeb5704e4f26931da7890b5189769836e2012416829df55bae54e3df236906bcfa2fbf
SSDEEP

98304:cVeM4VwHuokyfK8PGcx2HynIiprw0F80XZeGh:6AVw6kx2SnIe84eGh

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  2024-09-11_26aa3e537f217f30c5eabf3c35b20dec_magniber
- Size
  
  4.8MB
- MD5
  
  26aa3e537f217f30c5eabf3c35b20dec
- SHA1
  
  b6aef0f10820a30345c6908181a139dd3e9a7b37
- SHA256
  
  ffac6c49d9ce31931ef00a413c3ec7c467487c227076e0215d3ee3ae403d0e4c
- SHA512
  
  24f39583e8b31a94e2ef04d3903d0a3962f35fa5b248d22da09e45696cfeb5704e4f26931da7890b5189769836e2012416829df55bae54e3df236906bcfa2fbf
- SSDEEP
  
  98304:cVeM4VwHuokyfK8PGcx2HynIiprw0F80XZeGh:6AVw6kx2SnIe84eGh
Score

7^/10

bootkit discovery persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence