Resubmissions

09-05-2023 19:22

230509-x3fn4adg58 10

09-05-2023 19:14

230509-xxsrgaff7x 10

09-05-2023 19:14

230509-xxr5yadg42 7

09-05-2023 19:14

230509-xxrt6sff7w 8

09-05-2023 19:14

230509-xxrjeaff7v 8

09-05-2023 19:14

230509-xxqxwadg39 7

09-05-2023 19:14

230509-xxql4sff7t 10

09-05-2023 19:14

230509-xxqbcadg38 7

09-05-2023 19:10

230509-xvl6xadf64 10

Analysis

  • max time kernel
    144s
  • max time network
    36s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    09-05-2023 19:10

General

  • Target

    trojan-leaks-main/Mythlas.exe

  • Size

    125KB

  • MD5

    1bccdb1cbbdb299f4053dbab4236dadc

  • SHA1

    baf7c15c30c705fe99c4b5cbada6a46cd92cec22

  • SHA256

    e65c793a31137ae75a6f30ae2933bd7cae74fcd4330b6c8770c14466bc3a878f

  • SHA512

    c32b746081cf17dd1e29bf132350f753cd10636d37caddd3d3b8714675710c67420d08ff27e3d0f7aa71f0977316f62261cc5ca40badbb5d2bf76ee3972bcc3f

  • SSDEEP

    3072:b8b9IcgZfL0eMOIWBL5NVBFyQwaBXrn2wsxTOr2UlvjqZGx/1KFXd:gWtBPVBxwaBb2+x1oXd

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\Mythlas.exe
    "C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\Mythlas.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    PID:1172
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x1b0
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1744

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads