d188dad5ed9a7a6f3f08dc4b33a29c55ffe9f95a22573dbfea7c1c6df7280725 | Triage

Sharing

General

Target

d188dad5ed9a7a6f3f08dc4b33a29c55ffe9f95a22573dbfea7c1c6df7280725
Size

4.8MB
Sample

240927-w759wawfle
MD5

cea16d83b6557db72fb814a710516f9f
SHA1

b139ebfb0c4d881bf9d2ef4b8d6dd6e863ccb0c8
SHA256

d188dad5ed9a7a6f3f08dc4b33a29c55ffe9f95a22573dbfea7c1c6df7280725
SHA512

fa41a3fc340098421748ffe15d5d4ada63d98f2c918f165ff03ab17213aa617823c2644be13ec22b621c2067460fb479560a469419ac718ef20093286b8ccd6e
SSDEEP

98304:TVeM4VwHuokyfO8PGcx2HynIiprw0F80XZ/KgZ:5AVw+kx2SnIe84CgZ

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  d188dad5ed9a7a6f3f08dc4b33a29c55ffe9f95a22573dbfea7c1c6df7280725
- Size
  
  4.8MB
- MD5
  
  cea16d83b6557db72fb814a710516f9f
- SHA1
  
  b139ebfb0c4d881bf9d2ef4b8d6dd6e863ccb0c8
- SHA256
  
  d188dad5ed9a7a6f3f08dc4b33a29c55ffe9f95a22573dbfea7c1c6df7280725
- SHA512
  
  fa41a3fc340098421748ffe15d5d4ada63d98f2c918f165ff03ab17213aa617823c2644be13ec22b621c2067460fb479560a469419ac718ef20093286b8ccd6e
- SSDEEP
  
  98304:TVeM4VwHuokyfO8PGcx2HynIiprw0F80XZ/KgZ:5AVw+kx2SnIe84CgZ
Score

7^/10

bootkit discovery persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence