General

  • Target

    2024-05-18_5a04ccc69dcb6542a6205cb8b0f2637c_avoslocker_magniber_revil

  • Size

    5.5MB

  • Sample

    240518-qz5eqaeb5x

  • MD5

    5a04ccc69dcb6542a6205cb8b0f2637c

  • SHA1

    a23f6b826b876884625a668611e1c9f817f26f46

  • SHA256

    50a0e8a5715aae63bcb3826943d098fa4452bbbb5c25ec1c89e80197c0c1444a

  • SHA512

    8f6685102bf72678b1d1caae479d92db329cbfce2149f76bbbe1b4dbbda57cec6aa526ec5a88b787161a0bb707f3526f576a146cc0b13799513fb9c1bea0ee58

  • SSDEEP

    98304:P3stJARnrlGCG8z1Anqn4UHw//4ENvIPpHdVorLu4TK/O4FsO:kjQnRT1MEzH4vItor64SD

Targets

    • Brute Ratel C4

      A customized command and control framework for red teaming and adversary simulation.

    • Blocklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
