aa8fa515fa6a86b433a0445145ed4700c7f7141689520629347ba8a9c2e28cd9 | Triage

Sharing

General

Target

killa.exe
Size

251KB
Sample

241203-tbee6sxlgr
MD5

78358a69077076025340aab9d5969a81
SHA1

1180e9133be91c474cc3da3e77f612abcc5ca6e8
SHA256

aa8fa515fa6a86b433a0445145ed4700c7f7141689520629347ba8a9c2e28cd9
SHA512

7140b090854761a4e1bf243f4355f1d3ad83a44193075a474bc0b006a980472215ff7424ce264f7e875b07b49b94a7a60256ff612d093f906bd02a6492395280
SSDEEP

6144:xa0T3uQwzIn51Fc/SQPbg8s3TZ4crBqB1:B08rkfYTV8B1

Score

8^/10

bootkit defense_evasion discovery evasion execution lateral_movement persistence

Malware Config

Targets

- Target
  
  killa.exe
- Size
  
  251KB
- MD5
  
  78358a69077076025340aab9d5969a81
- SHA1
  
  1180e9133be91c474cc3da3e77f612abcc5ca6e8
- SHA256
  
  aa8fa515fa6a86b433a0445145ed4700c7f7141689520629347ba8a9c2e28cd9
- SHA512
  
  7140b090854761a4e1bf243f4355f1d3ad83a44193075a474bc0b006a980472215ff7424ce264f7e875b07b49b94a7a60256ff612d093f906bd02a6492395280
- SSDEEP
  
  6144:xa0T3uQwzIn51Fc/SQPbg8s3TZ4crBqB1:B08rkfYTV8B1
Score

8^/10

bootkit defense_evasion discovery evasion execution lateral_movement persistence
- Stops running service(s)
  evasion execution
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Remote Services: SMB/Windows Admin Shares
  Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
  lateral_movement
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Pre-OS Boot

Bootkit

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Indicator Removal

File Deletion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Remote Services

SMB/Windows Admin Shares

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

bootkitdefense_evasiondiscoveryevasionexecutionlateral_movementpersistence