Overview

overview

10

Static

static

1

adada.png

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    adada.PNG

  • Size

    76KB

  • Sample

    230407-npq38sag9s

  • MD5

    7f27ce967f0c166b8b16ba9760f99acf

  • SHA1

    1d558925b3a10f88f046d553f123102992bdcd43

  • SHA256

    58087009edda7a991e05a6cd97eb1a886cabaecc747a23b184711edcface9011

  • SHA512

    57673dded5e4d203d459348d6211296f0f50d71ed0cf13bd69d214bb03d28adc44ecba8fa7256482832f50497bf761dc360e7f5b309797e506117c1733a3cb3c

  • SSDEEP

    1536:404kejL2F1oapwlO69zertfv4pDCFq9nRlG9O886+B23CgS+KhNT:40Pc6pwl59zertnE5dRlG986+BSC9vhV

Score
10/10
bootkitevasionpersistencetrojan

Malware Config

Targets

    • Target

      adada.PNG

    • Size

      76KB

    • MD5

      7f27ce967f0c166b8b16ba9760f99acf

    • SHA1

      1d558925b3a10f88f046d553f123102992bdcd43

    • SHA256

      58087009edda7a991e05a6cd97eb1a886cabaecc747a23b184711edcface9011

    • SHA512

      57673dded5e4d203d459348d6211296f0f50d71ed0cf13bd69d214bb03d28adc44ecba8fa7256482832f50497bf761dc360e7f5b309797e506117c1733a3cb3c

    • SSDEEP

      1536:404kejL2F1oapwlO69zertfv4pDCFq9nRlG9O886+B23CgS+KhNT:40Pc6pwl59zertnE5dRlG986+BSC9vhV

    Score
    10/10
    bootkitevasionpersistencetrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Executes dropped EXE

    • Checks whether UAC is enabled

      evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks