3e5e23c0adf484b96a726f9ecdbd4a3089ad7f8979329616b73e521825e183ae | Triage

Resubmissions

07-10-2024 19:03

241007-xqldtavhra 6

27-09-2024 23:46

240927-3samzsybkf 8

27-09-2024 23:14

240927-28aggsxbnh 10

27-09-2024 23:12

240927-26vpmsvbjk 8

27-09-2024 20:13

240927-yzes3axdnk 8

27-09-2024 20:12

240927-yy349sxdmm 3

27-09-2024 20:10

240927-yxq4bazcma 3

27-09-2024 20:02

240927-yr5drazaqf 8

27-09-2024 19:59

240927-yqh45axamm 3

27-09-2024 19:56

240927-ynwx7swhll 3

Sharing

General

Target

Screenshot 2024-09-24 2.11.17 PM.png
Size

45KB
Sample

240927-26vpmsvbjk
MD5

578c76503d19e73f7a935cdfb1a4108e
SHA1

74644b49ebeb844cfa821fe70251f8e56ac6e112
SHA256

3e5e23c0adf484b96a726f9ecdbd4a3089ad7f8979329616b73e521825e183ae
SHA512

52b1cb29234be0e46a90cc26f8ac9ad6ff45887f80fbaf20da53bce7c9530111778317aaa393e6e94fe97f3f15372a0de869f709e768f278bd74ba989599ca0d
SSDEEP

768:54PXdrAREaTeqsZ+93ArVC7UpbJss0JAKEKFXsojUIFI5A29+FKn2g5Fh2O:54Pa1swmfNIOKEKSY29tnxhz

Score

8^/10

bootkit defense_evasion discovery persistence

Malware Config

Targets

- Target
  
  Screenshot 2024-09-24 2.11.17 PM.png
- Size
  
  45KB
- MD5
  
  578c76503d19e73f7a935cdfb1a4108e
- SHA1
  
  74644b49ebeb844cfa821fe70251f8e56ac6e112
- SHA256
  
  3e5e23c0adf484b96a726f9ecdbd4a3089ad7f8979329616b73e521825e183ae
- SHA512
  
  52b1cb29234be0e46a90cc26f8ac9ad6ff45887f80fbaf20da53bce7c9530111778317aaa393e6e94fe97f3f15372a0de869f709e768f278bd74ba989599ca0d
- SSDEEP
  
  768:54PXdrAREaTeqsZ+93ArVC7UpbJss0JAKEKFXsojUIFI5A29+FKn2g5Fh2O:54Pa1swmfNIOKEKSY29tnxhz
Score

8^/10

bootkit defense_evasion discovery persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdefense_evasiondiscoverypersistence