Resubmissions

02-03-2024 19:41

240302-yefvmagf21 10

02-03-2024 19:39

240302-ydf41age9v 10

General

  • Target

    Chernobyl.exe

  • Size

    338KB

  • Sample

    240302-yefvmagf21

  • MD5

    0f6ef368d9dfdf12dcf44f727fbd4d5c

  • SHA1

    5bbf583c7d0f74255c13b7bbdb5d5609d80393e9

  • SHA256

    30acb23863a1043c7210c8fb75236fce5111bef305c6574e518e9d0e50d740cf

  • SHA512

    16e211d19604b49c4b6837f580ec2c83cb27868f481d3ee33394716110e32ac363165bed5e9445c3807753cac793e5a044c3986d10ab04cfbd832c68438f546c

  • SSDEEP

    6144:Ubeo02222222222222222222222222222222222222222222222222222222222w:QkHOZzv4TatsNqaJA

Malware Config

Targets

    • Target

      Chernobyl.exe

    • Modifies WinLogon for persistence

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • UAC bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing (refusing to run in certain locales).

    • Modifies file permissions

    • Checks whether UAC is enabled

    • Modifies WinLogon

    • Drops file in System32 directory
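
Several of the signatures above are plain registry writes or file creations that a SOC can match directly in endpoint telemetry. The following script is an added example and is not part of the sandbox report: it maps Sysmon-style RegistryEvent SetValue (Event ID 13) and FileCreate (Event ID 11) records to the signature names used on this page. The registry key and value names are the standard Windows locations (Winlogon Shell/Userinit, the Policies\System DisableRegistryTools and DisableTaskMgr values); the sample events, the user SID and the dropped file name are constructed placeholders, not values taken from this sample's analysis.

```python
"""Map Sysmon-style registry/file events to the sandbox signatures on this page.
Added example for triage; not the sandbox's own detection logic."""
import re
from collections import defaultdict

# Registry paths are compared after stripping the hive, user SID and WOW64
# prefixes, so HKLM, HKCU and HKU\<SID> views of the same key match.
_HIVE_PREFIX = re.compile(r"^(hklm|hkcu|hkcr|hku\\s-1-5-[\d-]+|hkey_[a-z_]+)\\")

WINLOGON_KEY = r"microsoft\windows nt\currentversion\winlogon"
WINLOGON_VALUES = {"shell", "userinit", "taskman"}  # executed at logon -> persistence

POLICY_KEY = r"microsoft\windows\currentversion\policies\system"
POLICY_VALUES = {
    "disableregistrytools": "Disables RegEdit via registry modification",
    "disabletaskmgr": "Disables Task Manager via registry modification",
}

SYSTEM32_DIR = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)\\", re.I)
DWORD_DETAILS = re.compile(r"dword \(0x([0-9a-f]+)\)", re.I)


def normalise_reg_path(target):
    """Return (key, value_name), lower-cased, with hive/SID/WOW64 prefixes removed."""
    p = _HIVE_PREFIX.sub("", target.lower())
    p = re.sub(r"^software\\", "", p)
    p = p.replace("wow6432node\\", "")
    key, _, value = p.rpartition("\\")
    return key, value


def dword_value(details):
    """Parse Sysmon's 'DWORD (0x00000001)' rendering; None if not a DWORD."""
    m = DWORD_DETAILS.search(details or "")
    return int(m.group(1), 16) if m else None


def classify_event(event):
    """Return the report signatures that this single event would trigger."""
    hits = []
    if event.get("EventID") == 13:  # RegistryEvent: SetValue
        key, value = normalise_reg_path(event["TargetObject"])
        if key == WINLOGON_KEY and value in WINLOGON_VALUES:
            hits.append("Modifies WinLogon for persistence")
        elif key == POLICY_KEY and value in POLICY_VALUES:
            # Writing 0 re-enables the tool, so only a non-zero DWORD is a hit.
            if (dword_value(event.get("Details")) or 0) != 0:
                hits.append(POLICY_VALUES[value])
    elif event.get("EventID") == 11:  # FileCreate
        if SYSTEM32_DIR.match(event["TargetFilename"]):
            hits.append("Drops file in System32 directory")
    return hits


def triage(events):
    """Group the registry/file targets of triggering events by signature name."""
    report = defaultdict(list)
    for ev in events:
        for sig in classify_event(ev):
            report[sig].append(ev.get("TargetObject") or ev.get("TargetFilename"))
    return dict(report)


# Constructed Sysmon-style events for illustration. The SID, the Winlogon
# Shell value and the dropped file name are placeholders, not report data.
_SID = r"HKU\S-1-5-21-1000-2000-3000-1001"
SAMPLE_EVENTS = [
    {"EventID": 13,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
     "Details": r"explorer.exe,C:\Windows\System32\dropped_placeholder.exe"},
    {"EventID": 13,
     "TargetObject": _SID + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13,
     "TargetObject": _SID + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13,  # re-enables Task Manager: must not fire
     "TargetObject": _SID + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13,  # benign user preference in a nearby key
     "TargetObject": _SID + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 11, "TargetFilename": r"C:\Windows\System32\dropped_placeholder.exe"},
    {"EventID": 11, "TargetFilename": r"C:\Users\Public\notes.txt"},
]

if __name__ == "__main__":
    for sig, targets in triage(SAMPLE_EVENTS).items():
        print(f"{sig}:")
        for t in targets:
            print(f"    {t}")
```

Two points worth carrying into a real rule set: the hive prefix must be normalised, because Sysmon records per-user keys as HKU\<SID>\... rather than HKCU, and the policy values should be gated on a non-zero DWORD, since a write of 0 is the remediation, not the attack. The "Checks whether UAC is enabled" and "Checks computer location settings" signatures are reads (EnableLUA, the Geo\Nation value) and do not appear in SetValue telemetry, so they need API-level monitoring rather than this kind of matching.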

MITRE ATT&CK Enterprise v15

Tasks