General

  • Target

    2024-04-24_3c36f79c01a6998eb067686f937faf22_hiddentear

  • Size

    385KB

  • Sample

    240425-ackh2aca2w

  • MD5

    3c36f79c01a6998eb067686f937faf22

  • SHA1

    fa3cd8bf23d04b19b0518103cc3b0f5a96dce24c

  • SHA256

    21a83a9fe50e57323f7b990488dae5f82ea274cc2e56bddd067dc8b7c4e1fa4b

  • SHA512

    7757b637cca8a6bf884a30c64faca5c76bb57e0485ed342b8c34014e91b31ded3dbcf727cb562c1f2d452408ca31dbef59ce08a29baf2ac674e900b33479ac33

  • SSDEEP

    12288:BBE6vh+OK/gAhrWMd+s95KuY+p+ZYAr9A:BBE65bOhlOZIARA

Malware Config

Targets

    • UAC bypass

    • Renames multiple (1065) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix ATT&CK v13

Tactic, then technique and sub-technique with ATT&CK ID and the number of matching behaviours:

Persistence
  • Pre-OS Boot (T1542): 1
    • Bootkit (T1542.003): 1

Privilege Escalation
  • Abuse Elevation Control Mechanism (T1548): 1
    • Bypass User Account Control (T1548.002): 1

Defense Evasion
  • Abuse Elevation Control Mechanism (T1548): 1
    • Bypass User Account Control (T1548.002): 1
  • Impair Defenses (T1562): 1
    • Disable or Modify Tools (T1562.001): 1
  • Modify Registry (T1112): 2
  • Pre-OS Boot (T1542): 1
    • Bootkit (T1542.003): 1

Credential Access
  • Unsecured Credentials (T1552): 1
    • Credentials In Files (T1552.001): 1

Collection
  • Data from Local System (T1005): 1

Tasks