Overview

overview

10

Static

static

1

MalRepairT...up.exe

windows7-x64

7

MalRepairT...up.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MalRepairToolkitSetup.exe

  • Size

    6.0MB

  • Sample

    231001-nbczfsab7t

  • MD5

    23f2491a8116caf1d2b1f5b39676577f

  • SHA1

    5f51b6110c8f1cdea547ff873778e24cb6b20596

  • SHA256

    a44aaca64d14fa31d3752ae67fe709a3cdec6369f4547792cbe60e4a1f945bf8

  • SHA512

    535ec265ba12da399e8d73f6f7305ddea1bc50a804ae8d09e219ad7819da63bc3949495eda888b66c59ef6628651b266125161187e100e1e24d668732458d187

  • SSDEEP

    98304:00xNLNQWgAERBO59FQr58uXfCB52ceG6XKALJE/mQmN+fmYmVzgdgoB9H:1xNufAVucP6XKk0m9N+fmYmXoTH

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      MalRepairToolkitSetup.exe

    • Size

      6.0MB

    • MD5

      23f2491a8116caf1d2b1f5b39676577f

    • SHA1

      5f51b6110c8f1cdea547ff873778e24cb6b20596

    • SHA256

      a44aaca64d14fa31d3752ae67fe709a3cdec6369f4547792cbe60e4a1f945bf8

    • SHA512

      535ec265ba12da399e8d73f6f7305ddea1bc50a804ae8d09e219ad7819da63bc3949495eda888b66c59ef6628651b266125161187e100e1e24d668732458d187

    • SSDEEP

      98304:00xNLNQWgAERBO59FQr58uXfCB52ceG6XKALJE/mQmN+fmYmVzgdgoB9H:1xNufAVucP6XKk0m9N+fmYmXoTH

    Score
    10/10
    evasionpersistencetrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Sets file execution options in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

5
T1112

Credential Access

Discovery

Peripheral Device Discovery

2
T1120

Query Registry

3
T1012

System Information Discovery

5
T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks