11ca173a74a19ac2f34471358aac2c79959d16a42ae924205ba6ed7f1186e1f5 | Triage

Sharing

General

Target

2024-10-13_3af0401cc8a4bca80045796f5d858c39_bkransomware_karagany
Size

10.9MB
Sample

241013-vfcyks1gpl
MD5

3af0401cc8a4bca80045796f5d858c39
SHA1

1c12c063cae8dc930190dfc4c744f6a3d098ad6c
SHA256

11ca173a74a19ac2f34471358aac2c79959d16a42ae924205ba6ed7f1186e1f5
SHA512

cc3f7bcc2030a03577035339b6d4c98208bfcb69c685e358d618cb7402722bc08238faec7a8073eb8a9ac204753b64501189466013c7e33efa6a9efd445a06bf
SSDEEP

196608:VLbYQVG2JOguavkNqkTf9ABa/MXvd4wdbOj93pL2hDcsqjZ72Oz+Arm5g1xFPld0:9bYlQRb8HW4w4lgosWZ6OEyVW

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  2024-10-13_3af0401cc8a4bca80045796f5d858c39_bkransomware_karagany
- Size
  
  10.9MB
- MD5
  
  3af0401cc8a4bca80045796f5d858c39
- SHA1
  
  1c12c063cae8dc930190dfc4c744f6a3d098ad6c
- SHA256
  
  11ca173a74a19ac2f34471358aac2c79959d16a42ae924205ba6ed7f1186e1f5
- SHA512
  
  cc3f7bcc2030a03577035339b6d4c98208bfcb69c685e358d618cb7402722bc08238faec7a8073eb8a9ac204753b64501189466013c7e33efa6a9efd445a06bf
- SSDEEP
  
  196608:VLbYQVG2JOguavkNqkTf9ABa/MXvd4wdbOj93pL2hDcsqjZ72Oz+Arm5g1xFPld0:9bYlQRb8HW4w4lgosWZ6OEyVW
Score

7^/10

bootkit discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence