Overview

overview

10

Static

static

3

WinXP.Horr...ve.exe

windows7-x64

10

WinXP.Horr...ve.exe

windows10-1703-x64

10

WinXP.Horr...ve.exe

windows10-2004-x64

10

WinXP.Horr...ve.exe

windows11-21h2-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    WinXP.Horror.Destructive.exe

  • Size

    57.9MB

  • Sample

    240329-dpe1vsgc5s

  • MD5

    063ea883f8c67d3bb22e0a465136ca4c

  • SHA1

    3a168a9153ee32b86d9a5411b0af13846c55ee1d

  • SHA256

    3b64ce283febf3207dd20c99fc53de65b07044231eb544c4c41de374a2571c5c

  • SHA512

    2dd6be23a5af8c458b94eeb5a4e83fc8cacb3fd2c2566b5682eee286c01726dca90db3d9b4e218eeded9b0c9bce8ba3c9ca9cc497e3a57aab580633a038e4b74

  • SSDEEP

    1572864:aj6L5PLk/mBCSyKOYl39GFoFEujFMm+B997DaNHN1oS72fnD9hRzZ01tO0DpvrvI:i6cSzV9GCFEujFMm+B997DaNHN1oS72X

Score
10/10
bootkitevasionpersistencetrojan

Malware Config

Targets

    • Target

      WinXP.Horror.Destructive.exe

    • Size

      57.9MB

    • MD5

      063ea883f8c67d3bb22e0a465136ca4c

    • SHA1

      3a168a9153ee32b86d9a5411b0af13846c55ee1d

    • SHA256

      3b64ce283febf3207dd20c99fc53de65b07044231eb544c4c41de374a2571c5c

    • SHA512

      2dd6be23a5af8c458b94eeb5a4e83fc8cacb3fd2c2566b5682eee286c01726dca90db3d9b4e218eeded9b0c9bce8ba3c9ca9cc497e3a57aab580633a038e4b74

    • SSDEEP

      1572864:aj6L5PLk/mBCSyKOYl39GFoFEujFMm+B997DaNHN1oS72fnD9hRzZ01tO0DpvrvI:i6cSzV9GCFEujFMm+B997DaNHN1oS72X

    Score
    10/10
    bootkitevasionpersistencetrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Checks whether UAC is enabled

      evasiontrojan

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks