8faa39645a93063dba6029b7375ebecfa6fde50d5343f872041296b4374b1760 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8faa39645a93063dba6029b7375ebecfa6fde50d5343f872041296b4374b1760
Size

2.4MB
Sample

240914-1r76rayfjf
MD5

e17aefe831d5f047372ba7810b711c48
SHA1

524435d95713a9e3cd3e039ef786a0c0dcbf3f46
SHA256

8faa39645a93063dba6029b7375ebecfa6fde50d5343f872041296b4374b1760
SHA512

e9a08d9c6621837bbe4c1e89462721a6166f17bbeb966b84d6442f4db077f06659108003386859ac3ef937abf0adfd37b2bbd2ab7fedfbb9fa67efbbbb1517ae
SSDEEP

49152:JoNgRf9tTkvqHWzKVcBd6o6nt2rK09G4lyo0ZacSiLUswRI/CIJH:J+Qf7cqA0bt2rK09cohiLUbQJJH

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  8faa39645a93063dba6029b7375ebecfa6fde50d5343f872041296b4374b1760
- Size
  
  2.4MB
- MD5
  
  e17aefe831d5f047372ba7810b711c48
- SHA1
  
  524435d95713a9e3cd3e039ef786a0c0dcbf3f46
- SHA256
  
  8faa39645a93063dba6029b7375ebecfa6fde50d5343f872041296b4374b1760
- SHA512
  
  e9a08d9c6621837bbe4c1e89462721a6166f17bbeb966b84d6442f4db077f06659108003386859ac3ef937abf0adfd37b2bbd2ab7fedfbb9fa67efbbbb1517ae
- SSDEEP
  
  49152:JoNgRf9tTkvqHWzKVcBd6o6nt2rK09G4lyo0ZacSiLUswRI/CIJH:J+Qf7cqA0bt2rK09cohiLUbQJJH
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2