General

  • Target

    Chernobyl.exe

  • Size

    418KB

  • Sample

    240303-c755bscc36

  • MD5

    abf9d30e0bab45481353666073989f78

  • SHA1

    b26498055f6d96620aafa27622a075206ff15be0

  • SHA256

    53a40098cb2a422dc4a3dce71d73ad15d3ea815c9a2768ae4f749606dc5ebe17

  • SHA512

    d700324ecb8b56021819de74d23097748cf5920c63f4a4b2dded75c320c2c518dd3061881f3474f2cda7010a144309e9d0aca6d7dc8927df4745ad71fe852852

  • SSDEEP

    6144:VEgbPCJo0222222222222222222222222222222222222222222222222222222F:5tH0VOZzv4TatsNqaJx

Targets

    • Contains code to disable Windows Defender

      A .NET executable that disables Windows Defender capabilities such as real-time monitoring and Block at First Sight, among others.

    • Modifies WinLogon for persistence

    • UAC bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Possible privilege escalation attempt

    • Modifies file permissions

    • Modifies system executable filetype association

    • Checks whether UAC is enabled

    • Modifies WinLogon

    • Drops file in System32 directory
