General
Target: Chernobyl.exe
Size: 419KB
Sample: 240303-wkjglaed92
MD5: 07aab9ab01b16396006ccd984dda1ca8
SHA1: 1c8066c4957be1f0dac95806100beb6d24115d59
SHA256: 99bb4ada945c3d8071a150492a69d1ae4cf83820e2d77509d6eae7d0f02e05d0
SHA512: fd9a004a740ddfa0cc7360141948bc58584f074566a2060df21a9b0add2c3168fb32b572147850f54ec5240b57440ad7561f2826bb087d654f6d545e54aab2e9
SSDEEP: 6144:EbbxC1o022222222222222222222222222222222222222222222222222222225:OtH04OZzv4TatsNqaJx

Static task: static1
Behavioral task: behavioral1
Sample: Chernobyl.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: Chernobyl.exe
Size: 419KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General above)

Signatures
- Contains code to disable Windows Defender: a .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, blocking at first seen, etc.
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Possible privilege escalation attempt
- Modifies file permissions
- Modifies system executable filetype association
- Modifies WinLogon
- Drops file in System32 directory
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Persistence
- Boot or Logon Autostart Execution (2)
  - Winlogon Helper DLL (2)
- Event Triggered Execution (1)
  - Change Default File Association (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  - Winlogon Helper DLL (2)
- Event Triggered Execution (1)
  - Change Default File Association (1)