1e43c91ddfe9fab0e41657d423fe3c4fb87aad1993e5fb3f173bb36a268273f7 | Triage

Sharing

General

Target

SecuriteInfo.com.Trojan.TaskDisabler.k5Y@aaTO94BT.2611.9681
Size

1.2MB
Sample

201126-ppqgsnpzla
MD5

94e0fdb02e15e6aa0cbb0d0241a79c8d
SHA1

fb2eae92ce3a5c8b558668db9ef5560451d6528d
SHA256

1e43c91ddfe9fab0e41657d423fe3c4fb87aad1993e5fb3f173bb36a268273f7
SHA512

341b1de271b3e861b4c9deb2a1d2a6a017e1ae0ca1700283f990385156ea9e3928d0a3a19f54ee97e0bb9a2765b8c670660c0a13695a520f2b79bfdc3eb953cd

Score

10^/10

bootkit evasion persistence ransomware

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Trojan.TaskDisabler.k5Y@aaTO94BT.2611.9681
- Size
  
  1.2MB
- MD5
  
  94e0fdb02e15e6aa0cbb0d0241a79c8d
- SHA1
  
  fb2eae92ce3a5c8b558668db9ef5560451d6528d
- SHA256
  
  1e43c91ddfe9fab0e41657d423fe3c4fb87aad1993e5fb3f173bb36a268273f7
- SHA512
  
  341b1de271b3e861b4c9deb2a1d2a6a017e1ae0ca1700283f990385156ea9e3928d0a3a19f54ee97e0bb9a2765b8c670660c0a13695a520f2b79bfdc3eb953cd
Score

10^/10

bootkit evasion persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
  ransomware bootkit
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitevasionpersistenceransomware

behavioral2

bootkitevasionpersistenceransomware