ff48da3d7cde72fc1c2de08970e1b349f5d68e561367f1db7dd1e7945814882e | Triage

Sharing

General

Target

ff48da3d7cde72fc1c2de08970e1b349f5d68e561367f1db7dd1e7945814882e
Size

4.8MB
Sample

240915-ap9cxsvhlq
MD5

9deacea7814cacd28ba3a7b3ee326cd4
SHA1

1109045e9616409658aefa5d0c8782bc185e3ccc
SHA256

ff48da3d7cde72fc1c2de08970e1b349f5d68e561367f1db7dd1e7945814882e
SHA512

735bb29e68c91be9db0ce278974812eca7b6018a8d3a8f005a588cfc7315647a4630d5a4d6d163ebe50c2aa0572241c4e3f7b8deef8d6d55f179d939beda56ce
SSDEEP

98304:AVeM4VwHuokyfn8PGcx2HynIiprw0F80XZrL2y:mAVw3kx2SnIe84X2y

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  ff48da3d7cde72fc1c2de08970e1b349f5d68e561367f1db7dd1e7945814882e
- Size
  
  4.8MB
- MD5
  
  9deacea7814cacd28ba3a7b3ee326cd4
- SHA1
  
  1109045e9616409658aefa5d0c8782bc185e3ccc
- SHA256
  
  ff48da3d7cde72fc1c2de08970e1b349f5d68e561367f1db7dd1e7945814882e
- SHA512
  
  735bb29e68c91be9db0ce278974812eca7b6018a8d3a8f005a588cfc7315647a4630d5a4d6d163ebe50c2aa0572241c4e3f7b8deef8d6d55f179d939beda56ce
- SSDEEP
  
  98304:AVeM4VwHuokyfn8PGcx2HynIiprw0F80XZrL2y:mAVw3kx2SnIe84X2y
Score

7^/10

bootkit discovery persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence