1ca0402de440bb1c3f6a613948b378db2acda49bb9030c1ca98650e863425900 | Triage

Sharing

General

Target

1ca0402de440bb1c3f6a613948b378db2acda49bb9030c1ca98650e863425900
Size

4.8MB
Sample

240915-nj119asbrm
MD5

f6252aab99429f9e951bc69151bbcfa8
SHA1

2c3d2cf5e4c0d4a38066e5d10d1098e51856fda6
SHA256

1ca0402de440bb1c3f6a613948b378db2acda49bb9030c1ca98650e863425900
SHA512

f32bdcf36596899d0e057ba68ee7d60b8555c627261aafcd8d58c41c2db07945d927a67ec0d652d695c33e649b4818aa0a88f9dde985f125c16b994f0b8b64d7
SSDEEP

98304:uVeM4VwHuokyfn8PGcx2HynIiprw0F80XZsB3X:cAVw3kx2SnIe84E3X

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  1ca0402de440bb1c3f6a613948b378db2acda49bb9030c1ca98650e863425900
- Size
  
  4.8MB
- MD5
  
  f6252aab99429f9e951bc69151bbcfa8
- SHA1
  
  2c3d2cf5e4c0d4a38066e5d10d1098e51856fda6
- SHA256
  
  1ca0402de440bb1c3f6a613948b378db2acda49bb9030c1ca98650e863425900
- SHA512
  
  f32bdcf36596899d0e057ba68ee7d60b8555c627261aafcd8d58c41c2db07945d927a67ec0d652d695c33e649b4818aa0a88f9dde985f125c16b994f0b8b64d7
- SSDEEP
  
  98304:uVeM4VwHuokyfn8PGcx2HynIiprw0F80XZsB3X:cAVw3kx2SnIe84E3X
Score

7^/10

bootkit discovery persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence