055b0426a2519c9e388863d176929b21183f75d470d6d34134461a10bca13ab5 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

6b27b5b13f...40.exe

windows7-x64

7

6b27b5b13f...40.exe

windows10-2004-x64

7

Sharing

General

Target

6b27b5b13f59cea17f9b9685b5119640.bin
Size

43.5MB
Sample

240630-cweg8ssdra
MD5

6b27b5b13f59cea17f9b9685b5119640
SHA1

30bed25161c53bdd3bb901dea2896c93471500f1
SHA256

055b0426a2519c9e388863d176929b21183f75d470d6d34134461a10bca13ab5
SHA512

c685fa45607f888d073874d89ecb0773a67653f4cc7e3cb9cf0db56d3ce0ebc524565572facd453ce9074f0561e4be897b2a9a763e21f89bd835264b8d44d5a9
SSDEEP

786432:xwvnIe84yEZwcCUmeaeYzeyChA/tQ1/BJ754U/Hz4gQ7sCZzEECamVX80:xwvn7yBVea3zFCK/8J75RvzZ6EEgVn

Score

7^/10

bootkit discovery persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6b27b5b13f59cea17f9b9685b5119640.exe

Resource

win7-20240508-en

bootkit discovery persistence

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

6b27b5b13f59cea17f9b9685b5119640.exe

Resource

win10v2004-20240611-en

bootkit discovery persistence

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  6b27b5b13f59cea17f9b9685b5119640.bin
- Size
  
  43.5MB
- MD5
  
  6b27b5b13f59cea17f9b9685b5119640
- SHA1
  
  30bed25161c53bdd3bb901dea2896c93471500f1
- SHA256
  
  055b0426a2519c9e388863d176929b21183f75d470d6d34134461a10bca13ab5
- SHA512
  
  c685fa45607f888d073874d89ecb0773a67653f4cc7e3cb9cf0db56d3ce0ebc524565572facd453ce9074f0561e4be897b2a9a763e21f89bd835264b8d44d5a9
- SSDEEP
  
  786432:xwvnIe84yEZwcCUmeaeYzeyChA/tQ1/BJ754U/Hz4gQ7sCZzEECamVX80:xwvn7yBVea3zFCK/8J75RvzZ6EEgVn
Score

7^/10

bootkit discovery persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence

© 2018-2024

Terms | Privacy