General
- Target: Chernobyl.exe
- Size: 419KB
- Sample: 240303-wrrrjsee85
- MD5: 6af6c1ad5299c91303fa3eba88d215ae
- SHA1: b0ee45c6b965d37a6dab8bdbdae22c2241e6c118
- SHA256: d762bff854ccaea043b18ef8a1c290aee0632ce517625ffb44d743e41c02bf9b
- SHA512: 635e36ba5869b33d763c3d89a4b64efdf2f9d9e93a514f4b88a9be39f0fdbe1572038e6519c26b88299379d57804a6f530960525406a22b03ff66da7989156e1
- SSDEEP: 6144:TtbAR4o02222222222222222222222222222222222222222222222222222222o:stH0XOZzv4TatsNqaJx
Static task: static1
Behavioral task: behavioral1
- Sample: Chernobyl.exe
- Resource: win7-20240215-en
Malware Config
Targets
- Target: Chernobyl.exe
- Size: 419KB
- Contains code to disable Windows Defender: A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Possible privilege escalation attempt
- Modifies file permissions
- Modifies system executable filetype association
- Modifies WinLogon
- Drops file in System32 directory
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2): Winlogon Helper DLL (2)
- Event Triggered Execution (1): Change Default File Association (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2): Winlogon Helper DLL (2)
- Event Triggered Execution (1): Change Default File Association (1)