b8b7371cde124baf99f1c7fa947906ce7ce72b918a835c43eeadcf356a971c07 | Triage

Sharing

General

Target

2024-10-06_a7bf65818d46158c7b30868eefc7e491_bkransomware_karagany
Size

10.9MB
Sample

241006-mt72wazdjk
MD5

a7bf65818d46158c7b30868eefc7e491
SHA1

38d4a8f69bc5056d3e73f7c6763099cd02e865c3
SHA256

b8b7371cde124baf99f1c7fa947906ce7ce72b918a835c43eeadcf356a971c07
SHA512

87a6ba10a05162f515292fde7530ed052d08723ad547ea3ce1227168b32cf32d11b7ff904807b0bb019f91198260f2f025b378bdc727ef54eca4425c8adfd023
SSDEEP

196608:PLbYQVG2JOguavkNqkTf9ABa/MXvd4wdbOj93pL2hDcsqjZ72Oz+Arm5g1xFPld0:jbYlQRb8HW4w4lgosWZ6OEyVW

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  2024-10-06_a7bf65818d46158c7b30868eefc7e491_bkransomware_karagany
- Size
  
  10.9MB
- MD5
  
  a7bf65818d46158c7b30868eefc7e491
- SHA1
  
  38d4a8f69bc5056d3e73f7c6763099cd02e865c3
- SHA256
  
  b8b7371cde124baf99f1c7fa947906ce7ce72b918a835c43eeadcf356a971c07
- SHA512
  
  87a6ba10a05162f515292fde7530ed052d08723ad547ea3ce1227168b32cf32d11b7ff904807b0bb019f91198260f2f025b378bdc727ef54eca4425c8adfd023
- SSDEEP
  
  196608:PLbYQVG2JOguavkNqkTf9ABa/MXvd4wdbOj93pL2hDcsqjZ72Oz+Arm5g1xFPld0:jbYlQRb8HW4w4lgosWZ6OEyVW
Score

7^/10

bootkit discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence