fe1b59665643ffa2553ddbed9db3319b0b834d2e8bb32411fcf9fbdaeabbd784 | Triage

Sharing

General

Target

fe1b59665643ffa2553ddbed9db3319b0b834d2e8bb32411fcf9fbdaeabbd784
Size

4.8MB
Sample

240919-aza8wa1hqm
MD5

777a393d6f163d862cbe115e3f997252
SHA1

93166f7350d2c9b808df9dfaf2f782220b8573bf
SHA256

fe1b59665643ffa2553ddbed9db3319b0b834d2e8bb32411fcf9fbdaeabbd784
SHA512

9cb306342da1f79057145ead8ec86c04b55d4dede2e4b858c057fc4d3b75823b563d02884d5a0e802223f401e9dadcbe926750f81a607f36fccd5eb3ba96bd16
SSDEEP

98304:uVeM4VwHuokyfn8PGcx2HynIiprw0F80XZsB3p:cAVw3kx2SnIe84E3p

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  fe1b59665643ffa2553ddbed9db3319b0b834d2e8bb32411fcf9fbdaeabbd784
- Size
  
  4.8MB
- MD5
  
  777a393d6f163d862cbe115e3f997252
- SHA1
  
  93166f7350d2c9b808df9dfaf2f782220b8573bf
- SHA256
  
  fe1b59665643ffa2553ddbed9db3319b0b834d2e8bb32411fcf9fbdaeabbd784
- SHA512
  
  9cb306342da1f79057145ead8ec86c04b55d4dede2e4b858c057fc4d3b75823b563d02884d5a0e802223f401e9dadcbe926750f81a607f36fccd5eb3ba96bd16
- SSDEEP
  
  98304:uVeM4VwHuokyfn8PGcx2HynIiprw0F80XZsB3p:cAVw3kx2SnIe84E3p
Score

7^/10

bootkit discovery persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence