r77 | a2c7b7cc8423b1efec7868a8448730790a86a5fe45603441ed492131d197adeb | Triage

Sharing

General

Target

a2c7b7cc8423b1efec7868a8448730790a86a5fe45603441ed492131d197adeb
Size

1.2MB
Sample

240306-2c6j2sca5w
MD5

da0bcec014e398e3faba845bd73cfbda
SHA1

af957f165473b0ad284f0ecaa22aceada86c981d
SHA256

a2c7b7cc8423b1efec7868a8448730790a86a5fe45603441ed492131d197adeb
SHA512

f315030eed014bc206b44c5854d66b8cf4f13679308d4a7260fa36291634290dc363be644d3f93aef89e558e078db15aa502a181487ad4470ffb61b9325cecb1
SSDEEP

24576:PFOa+uxkXWtPcZztujn7z3LG5KuRgPKvbJ7QDS9+uot:tNkXWNcRtuz7GI3yvV79a

Score

10^/10

r77 evasion persistence rootkit

Malware Config

Targets

- Target
  
  a2c7b7cc8423b1efec7868a8448730790a86a5fe45603441ed492131d197adeb
- Size
  
  1.2MB
- MD5
  
  da0bcec014e398e3faba845bd73cfbda
- SHA1
  
  af957f165473b0ad284f0ecaa22aceada86c981d
- SHA256
  
  a2c7b7cc8423b1efec7868a8448730790a86a5fe45603441ed492131d197adeb
- SHA512
  
  f315030eed014bc206b44c5854d66b8cf4f13679308d4a7260fa36291634290dc363be644d3f93aef89e558e078db15aa502a181487ad4470ffb61b9325cecb1
- SSDEEP
  
  24576:PFOa+uxkXWtPcZztujn7z3LG5KuRgPKvbJ7QDS9+uot:tNkXWNcRtuz7GI3yvV79a
Score

10^/10

r77 evasion persistence rootkit
- Modifies visiblity of hidden/system files in Explorer
  evasion
- r77
  r77 is an open-source, userland rootkit.
  rootkit r77
- r77 rootkit payload
  Detects the payload of the r77 rootkit.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

r77evasionpersistencerootkit

behavioral2

r77evasionpersistencerootkit