d9f07e38521ff975e2cbef4149de1c4e25952b246a1b2724f57938b3ddf4cc6b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d9f07e38521ff975e2cbef4149de1c4e25952b246a1b2724f57938b3ddf4cc6b
Size

4.8MB
Sample

240915-hfdhwszhlb
MD5

5a9bcd231751ae2aafff62d1a7af33a0
SHA1

6972695d3db548016c888b10700362516fe25c8b
SHA256

d9f07e38521ff975e2cbef4149de1c4e25952b246a1b2724f57938b3ddf4cc6b
SHA512

9176df890462ff243d56b03282b18e6148697027992e59d0efef46a4174e3224ac629ffdb5b91396fc13d1a5437dca155cddfc705138b10cad5bf70c5cde4fec
SSDEEP

98304:nXHfZysNkdeOVWB4PGrx2fEyMmzHJhYlRJ1:nPx1dx2f9MmzHwR

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  d9f07e38521ff975e2cbef4149de1c4e25952b246a1b2724f57938b3ddf4cc6b
- Size
  
  4.8MB
- MD5
  
  5a9bcd231751ae2aafff62d1a7af33a0
- SHA1
  
  6972695d3db548016c888b10700362516fe25c8b
- SHA256
  
  d9f07e38521ff975e2cbef4149de1c4e25952b246a1b2724f57938b3ddf4cc6b
- SHA512
  
  9176df890462ff243d56b03282b18e6148697027992e59d0efef46a4174e3224ac629ffdb5b91396fc13d1a5437dca155cddfc705138b10cad5bf70c5cde4fec
- SSDEEP
  
  98304:nXHfZysNkdeOVWB4PGrx2fEyMmzHJhYlRJ1:nPx1dx2f9MmzHwR
Score

7^/10

bootkit discovery persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence