b2db1e7bb7ab7d44f9058f9ba3c01ee40b52667fe779a23211fb39ba5a43c3fa | Triage

Sharing

General

Target

b2db1e7bb7ab7d44f9058f9ba3c01ee40b52667fe779a23211fb39ba5a43c3fa
Size

4.8MB
Sample

240926-awgw9awgjk
MD5

683c5ac8715e1f7b4160ab6bfddbbf05
SHA1

547426ee7b01ee892ef9ac2271c285c8af3d54c2
SHA256

b2db1e7bb7ab7d44f9058f9ba3c01ee40b52667fe779a23211fb39ba5a43c3fa
SHA512

f386d7e3fc3dfef3d3367ae1730bf011918caf89120e11ade9beaed1b491e2de1a8f2c11be199d9127a43a0dcff806072a1b06da5a8dcf50e2e4a2e240184c4d
SSDEEP

98304:RVeM4VwHuokyfO8PGcx2HynIiprw0F80XZMfjZ:XAVw+kx2SnIe84CjZ

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  b2db1e7bb7ab7d44f9058f9ba3c01ee40b52667fe779a23211fb39ba5a43c3fa
- Size
  
  4.8MB
- MD5
  
  683c5ac8715e1f7b4160ab6bfddbbf05
- SHA1
  
  547426ee7b01ee892ef9ac2271c285c8af3d54c2
- SHA256
  
  b2db1e7bb7ab7d44f9058f9ba3c01ee40b52667fe779a23211fb39ba5a43c3fa
- SHA512
  
  f386d7e3fc3dfef3d3367ae1730bf011918caf89120e11ade9beaed1b491e2de1a8f2c11be199d9127a43a0dcff806072a1b06da5a8dcf50e2e4a2e240184c4d
- SSDEEP
  
  98304:RVeM4VwHuokyfO8PGcx2HynIiprw0F80XZMfjZ:XAVw+kx2SnIe84CjZ
Score

7^/10

bootkit discovery persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence