723b879afabf3e4bbf627a1e9f2dbcd63709891d893cc625965e4828f8125aa1 | Triage

Sharing

General

Target

FabricSodium1.16.5.zip
Size

2.0MB
Sample

250328-w4ac2aztew
MD5

8efdd2549103c68b1776bd8c5e5c95aa
SHA1

ed82f2c557971d8e98ad1c0e9ad699e8afdb5213
SHA256

723b879afabf3e4bbf627a1e9f2dbcd63709891d893cc625965e4828f8125aa1
SHA512

be6914daf1e2b2d67b3f1baeb588cba7620770294d0d1e1e69f5c386f572578ece1cefa703f6aa14954bc67a7a3d1426c42886545622761d15f42a4d403eab7a
SSDEEP

49152:zMj24A6jBbAhUkC3Up1xqVocfUDX4YQHR:zU24AQkbC3S1g9Ye

Score

10^/10

bootkit defense_evasion discovery persistence trojan

Malware Config

Targets

- Target
  
  FabricSodium 1.16.5/Launcher_FabricSodium.exe.exe
- Size
  
  2.5MB
- MD5
  
  ca4f58eadef98285c4284f83606193b2
- SHA1
  
  6590624f9a309a24701576cc9318d96efdfc9afc
- SHA256
  
  2f17b30ac709435cc9acdab1ceedf78209a7aefe14de6d9b098666c1e3f70b67
- SHA512
  
  3c2dac13127ebe7e8dfbdba96d092b63c85a10ee9b7d9e6f22e7adf27100372f0e3e213649d06b7de86bd4787ff898836b895042a649a6ee7da4eba2d2187939
- SSDEEP
  
  49152:wzf6V1jqp9ekTDKSxfHLqY+xKkmyLW5RhM0glo:wzyV0pnfOtIFIlo
Score

10^/10

bootkit defense_evasion discovery persistence trojan
- UAC bypass
  defense_evasion trojan
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  defense_evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Image File Execution Options Injection

Pre-OS Boot

Bootkit

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdefense_evasiondiscoverypersistencetrojan

behavioral2

bootkitdefense_evasiondiscoverypersistencetrojan