5d68ea7454fbaab6ea3e9a4d716032b831b988daa08fd00fa740fd650729ed8c | Triage

Sharing

General

Target

2024-10-09_297adf8ec73d1db227132c2409876b1b_bkransomware_karagany
Size

10.9MB
Sample

241009-q776kszhma
MD5

297adf8ec73d1db227132c2409876b1b
SHA1

1a7bb7c5ba7f17d2db1d4e2acf64557dda8cb32c
SHA256

5d68ea7454fbaab6ea3e9a4d716032b831b988daa08fd00fa740fd650729ed8c
SHA512

ee1d60b33ff2e535c384f1051c25d9d77896c3e99688270e48c5c0fb017c2e40d983a2a0d8603171bc2afa65126314d3feeb41ae978db3448fce39fce9230c71
SSDEEP

196608:XLbYQVG2JOguavkNqkTf9ABa/MXvd4wdbOj93pL2hDcsqjZ72Oz+Arm5g1xFPld0:7bYlQRb8HW4w4lgosWZ6OEyVW

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  2024-10-09_297adf8ec73d1db227132c2409876b1b_bkransomware_karagany
- Size
  
  10.9MB
- MD5
  
  297adf8ec73d1db227132c2409876b1b
- SHA1
  
  1a7bb7c5ba7f17d2db1d4e2acf64557dda8cb32c
- SHA256
  
  5d68ea7454fbaab6ea3e9a4d716032b831b988daa08fd00fa740fd650729ed8c
- SHA512
  
  ee1d60b33ff2e535c384f1051c25d9d77896c3e99688270e48c5c0fb017c2e40d983a2a0d8603171bc2afa65126314d3feeb41ae978db3448fce39fce9230c71
- SSDEEP
  
  196608:XLbYQVG2JOguavkNqkTf9ABa/MXvd4wdbOj93pL2hDcsqjZ72Oz+Arm5g1xFPld0:7bYlQRb8HW4w4lgosWZ6OEyVW
Score

7^/10

bootkit discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence