6764182453f39a713e142b15b917a28f06bdf57cbf75f537a38dc4213555598b | Triage

Resubmissions

10-12-2024 13:48

241210-q4kacaxjas 8

10-12-2024 13:46

241210-q3gstswrgt 10

10-12-2024 13:44

241210-q1vxnssjgm 8

10-12-2024 13:42

241210-qzx1mssjfj 8

Sharing

General

Target

a
Size

1KB
Sample

241210-q4kacaxjas
MD5

d5fb513907e0bf30fd3a61a2ecd4dd51
SHA1

edb774f15d961ada35f581d84d8faa5a47422850
SHA256

6764182453f39a713e142b15b917a28f06bdf57cbf75f537a38dc4213555598b
SHA512

c7f8e36e09fbf4d7b47c764090e368d9fd0eda8b30f60ea67c06b92c3af01b7749285f3ddafa109c08dbd14b0a78f1f82cfa4f18721ec66eb551c90567b60755

Score

8^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  a
- Size
  
  1KB
- MD5
  
  d5fb513907e0bf30fd3a61a2ecd4dd51
- SHA1
  
  edb774f15d961ada35f581d84d8faa5a47422850
- SHA256
  
  6764182453f39a713e142b15b917a28f06bdf57cbf75f537a38dc4213555598b
- SHA512
  
  c7f8e36e09fbf4d7b47c764090e368d9fd0eda8b30f60ea67c06b92c3af01b7749285f3ddafa109c08dbd14b0a78f1f82cfa4f18721ec66eb551c90567b60755
Score

8^/10

discovery bootkit persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bootkitdiscoverypersistence