General

  • Target

    disable-defender.exe

  • Size

    294KB

  • Sample

    230716-vf2a6sfh74

  • MD5

    10fc8b2915c43aa16b6a2e2b4529adc5

  • SHA1

    0c15286457963eb86d61d83642870a3473ef38fe

  • SHA256

    feb09cc39b1520d228e9e9274500b8c229016d6fc8018a2bf19aa9d3601492c5

  • SHA512

    421631c06408c3be522953459228d2e1d45eeeafce29dba7746c8485a105b59c3a2c0d9e2ffc6d89126cd825ffd09ebe7eb82223a69d1f5caf441feb01e57897

  • SSDEEP

    6144:iZQUudV196PTIr8Py794fexEPBBKohz0vF:P56LIyTnBBKoS

Score
8/10

Targets

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
