General
Target: Chernobyl.exe
Size: 418KB
Sample: 240303-c755bscc36
MD5: abf9d30e0bab45481353666073989f78
SHA1: b26498055f6d96620aafa27622a075206ff15be0
SHA256: 53a40098cb2a422dc4a3dce71d73ad15d3ea815c9a2768ae4f749606dc5ebe17
SHA512: d700324ecb8b56021819de74d23097748cf5920c63f4a4b2dded75c320c2c518dd3061881f3474f2cda7010a144309e9d0aca6d7dc8927df4745ad71fe852852
SSDEEP: 6144:VEgbPCJo0222222222222222222222222222222222222222222222222222222F:5tH0VOZzv4TatsNqaJx
Static task: static1
Behavioral task: behavioral1
Sample: Chernobyl.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: Chernobyl.exe
Size: 418KB
MD5: abf9d30e0bab45481353666073989f78
SHA1: b26498055f6d96620aafa27622a075206ff15be0
SHA256: 53a40098cb2a422dc4a3dce71d73ad15d3ea815c9a2768ae4f749606dc5ebe17
SHA512: d700324ecb8b56021819de74d23097748cf5920c63f4a4b2dded75c320c2c518dd3061881f3474f2cda7010a144309e9d0aca6d7dc8927df4745ad71fe852852
SSDEEP: 6144:VEgbPCJo0222222222222222222222222222222222222222222222222222222F:5tH0VOZzv4TatsNqaJx
Score: 10/10
Signatures
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, block at first seen, etc.
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Possible privilege escalation attempt
- Modifies file permissions
- Modifies system executable filetype association
- Modifies WinLogon
- Drops file in System32 directory
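Most of the signatures above are registry-observable, so a practical follow-up is to replay a sandbox's or Sysmon's (Event ID 13) registry-write log against the keys that sit behind them. The script below is an added example written for this page; it is not code from the report, from Triage, or from the sample. The registry locations are the standard ones for each behaviour (Defender policy keys, the Winlogon Shell/Userinit values, the Policies\System DisableRegistryTools/DisableTaskMgr values, and the exefile open command). The events in SAMPLE_WRITES are constructed for illustration because the report does not list the exact keys, values or dropped file name; the path C:\Windows\System32\dropped.exe is a placeholder, and the SID is made up.

```python
"""Match registry writes from a sandbox or Sysmon (Event ID 13) export against
the registry-based behaviours flagged in this report.

Added example for this page; not code from the report or from the sample.
Registry locations are the standard ones behind each signature. SAMPLE_WRITES is
constructed: the report does not list exact keys, values or the dropped file
name, so C:\\Windows\\System32\\dropped.exe is a placeholder.
"""
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class RegWrite:
    key: str    # full key path as logged (long or short hive name)
    name: str   # value name; "(Default)" for the key's default value
    data: str   # data written, as a string

# Rewrite long hive names to short ones, fold per-user HKU\<SID> into HKCU, and
# fold HKLM\SOFTWARE\Classes into HKCR so one pattern covers both spellings.
_HIVES = [
    (r"^HKEY_LOCAL_MACHINE\\", "HKLM\\"),
    (r"^HKEY_CURRENT_USER\\", "HKCU\\"),
    (r"^HKEY_CLASSES_ROOT\\", "HKCR\\"),
    (r"^(HKEY_USERS|HKU)\\S-1-5-21-[\d-]+\\", "HKCU\\"),
    (r"^HKLM\\SOFTWARE\\Classes\\", "HKCR\\"),
]

def normalise_key(key: str) -> str:
    k = key.strip().rstrip("\\")
    for pat, repl in _HIVES:
        m = re.match(pat, k, re.IGNORECASE)
        if m:
            k = repl + k[m.end():]
    return k

def _nonzero(data: str) -> bool:
    return data.strip().lower() not in ("", "0", "0x0", "0x00000000")

_POLICIES_SYSTEM = r"^HK(LM|CU)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System$"
_WINLOGON = r"^HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon$"
_DEFENDER = r"^HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender"

# (report signature, key regex, value-name regex, predicate on the data written)
INDICATORS = [
    ("Contains code to disable Windows Defender", _DEFENDER + r"$",
     r"^DisableAntiSpyware$", _nonzero),
    ("Contains code to disable Windows Defender", _DEFENDER + r"\\Real-Time Protection$",
     r"^Disable(RealtimeMonitoring|BehaviorMonitoring|OnAccessProtection|IOAVProtection)$", _nonzero),
    ("Contains code to disable Windows Defender", _DEFENDER + r"\\Spynet$",
     r"^DisableBlockAtFirstSeen$", _nonzero),
    ("Modifies WinLogon for persistence", _WINLOGON, r"^Shell$",
     lambda d: d.strip().lower() != "explorer.exe"),            # default is explorer.exe
    ("Modifies WinLogon for persistence", _WINLOGON, r"^Userinit$",
     lambda d: d.strip().lower().rstrip(",") != r"c:\windows\system32\userinit.exe"),
    ("Disables RegEdit via registry modification", _POLICIES_SYSTEM, r"^DisableRegistryTools$", _nonzero),
    ("Disables Task Manager via registry modification", _POLICIES_SYSTEM, r"^DisableTaskMgr$", _nonzero),
    ("Modifies system executable filetype association", r"^HKCR\\exefile\\shell\\open\\command$",
     r"^\(Default\)$", lambda d: d.strip() != '"%1" %*'),      # default is "%1" %*
]

def match_write(w: RegWrite) -> list:
    """Report signatures that a single registry write satisfies (deduplicated)."""
    key = normalise_key(w.key)
    hits = []
    for sig, key_re, name_re, pred in INDICATORS:
        if (re.match(key_re, key, re.IGNORECASE)
                and re.match(name_re, w.name.strip(), re.IGNORECASE)
                and pred(w.data) and sig not in hits):
            hits.append(sig)
    return hits

def triage(writes) -> dict:
    """Map each triggered signature to the writes that triggered it, in log order."""
    findings = {}
    for w in writes:
        for sig in match_write(w):
            findings.setdefault(sig, []).append(w)
    return findings

_SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"  # constructed SID
SAMPLE_WRITES = [  # constructed events; values are illustrative, not from the report
    RegWrite(r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
             "DisableRealtimeMonitoring", "1"),
    RegWrite(r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet",
             "DisableBlockAtFirstSeen", "1"),
    RegWrite(r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
             "Shell", r"explorer.exe,C:\Windows\System32\dropped.exe"),
    RegWrite(r"HKEY_USERS\%s\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" % _SID,
             "DisableTaskMgr", "1"),
    RegWrite(r"HKEY_USERS\%s\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" % _SID,
             "DisableRegistryTools", "1"),
    RegWrite(r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command",
             "(Default)", r'"C:\Windows\System32\dropped.exe" "%1" %*'),
    # Benign writes that must not fire: default Userinit, Defender left enabled.
    RegWrite(r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
             "Userinit", r"C:\Windows\system32\userinit.exe,"),
    RegWrite(r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender",
             "DisableAntiSpyware", "0"),
]

if __name__ == "__main__":
    for sig, writes in triage(SAMPLE_WRITES).items():
        print(sig)
        for w in writes:
            print("    %s\\%s = %r" % (normalise_key(w.key), w.name, w.data))
```

Two caveats when running this against real logs: 32-bit processes on 64-bit Windows may land some of these writes under Wow6432Node, which the patterns above do not fold, and the non-registry signatures in the report ("Possible privilege escalation attempt", "Modifies file permissions", "Drops file in System32 directory") need file and process events rather than registry events to confirm.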
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 2
  - Winlogon Helper DLL (T1547.004): 2
- Event Triggered Execution (T1546): 1
  - Change Default File Association (T1546.001): 1
Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Boot or Logon Autostart Execution (T1547): 2
  - Winlogon Helper DLL (T1547.004): 2
- Event Triggered Execution (T1546): 1
  - Change Default File Association (T1546.001): 1