066d99b7eeae449af840cb0b3d84c516943309684021dd227b74e40918e31577 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

sample.html

windows11-21h2-x64

8

Resubmissions

01-07-2024 06:58

240701-hrjjaaydre 1

01-07-2024 05:24

240701-f35vjs1arl 8

01-07-2024 05:22

240701-f2wv9axdja 10

01-07-2024 05:15

240701-fxkx7axclg 1

01-07-2024 05:07

240701-fscq1sxbng 8

01-07-2024 04:55

240701-fj5enswhqh 8

Sharing

General

Target

sample
Size

490KB
Sample

240701-f35vjs1arl
MD5

901bff5e87be7b3c2c3ee45da179bce4
SHA1

2bd44512efd1923b5fd06b3fe2186e506d0f3d66
SHA256

066d99b7eeae449af840cb0b3d84c516943309684021dd227b74e40918e31577
SHA512

560265edf67899f2594bba5ba16f2243a4fa50f764df17eec7d09a753ca2f0eec2ac72c9d0d70e1bfe471b060fd7e16cfb6f4dfd0029866bf6f0d34be7b00697
SSDEEP

6144:VOxTA8eA8oA89A8iA81A8dA8ZA8SA8WA8NabK:VoA1A9AcABAEAAAqAxAnAhbK

Score

8^/10

bootkit evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

sample.html

Resource

win11-20240611-en

bootkit evasion persistence

windows11-21h2-x64

21 signatures

1800 seconds

Malware Config

Targets

- Target
  
  sample
- Size
  
  490KB
- MD5
  
  901bff5e87be7b3c2c3ee45da179bce4
- SHA1
  
  2bd44512efd1923b5fd06b3fe2186e506d0f3d66
- SHA256
  
  066d99b7eeae449af840cb0b3d84c516943309684021dd227b74e40918e31577
- SHA512
  
  560265edf67899f2594bba5ba16f2243a4fa50f764df17eec7d09a753ca2f0eec2ac72c9d0d70e1bfe471b060fd7e16cfb6f4dfd0029866bf6f0d34be7b00697
- SSDEEP
  
  6144:VOxTA8eA8oA89A8iA81A8dA8ZA8SA8WA8NabK:VoA1A9AcABAEAAAqAxAnAhbK
Score

8^/10

bootkit evasion persistence
- Disables Task Manager via registry modification
  evasion
- Downloads MZ/PE file
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitevasionpersistence

© 2018-2024

Terms | Privacy