Overview

overview

10

Static

static

1

2024-05-18...il.exe

windows7-x64

6

2024-05-18...il.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-05-18_5a04ccc69dcb6542a6205cb8b0f2637c_avoslocker_magniber_revil

  • Size

    5.5MB

  • Sample

    240518-qz5eqaeb5x

  • MD5

    5a04ccc69dcb6542a6205cb8b0f2637c

  • SHA1

    a23f6b826b876884625a668611e1c9f817f26f46

  • SHA256

    50a0e8a5715aae63bcb3826943d098fa4452bbbb5c25ec1c89e80197c0c1444a

  • SHA512

    8f6685102bf72678b1d1caae479d92db329cbfce2149f76bbbe1b4dbbda57cec6aa526ec5a88b787161a0bb707f3526f576a146cc0b13799513fb9c1bea0ee58

  • SSDEEP

    98304:P3stJARnrlGCG8z1Anqn4UHw//4ENvIPpHdVorLu4TK/O4FsO:kjQnRT1MEzH4vItor64SD

Score
10/10
bruteratelbackdoorbootkitdiscoveryevasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      2024-05-18_5a04ccc69dcb6542a6205cb8b0f2637c_avoslocker_magniber_revil

    • Size

      5.5MB

    • MD5

      5a04ccc69dcb6542a6205cb8b0f2637c

    • SHA1

      a23f6b826b876884625a668611e1c9f817f26f46

    • SHA256

      50a0e8a5715aae63bcb3826943d098fa4452bbbb5c25ec1c89e80197c0c1444a

    • SHA512

      8f6685102bf72678b1d1caae479d92db329cbfce2149f76bbbe1b4dbbda57cec6aa526ec5a88b787161a0bb707f3526f576a146cc0b13799513fb9c1bea0ee58

    • SSDEEP

      98304:P3stJARnrlGCG8z1Anqn4UHw//4ENvIPpHdVorLu4TK/O4FsO:kjQnRT1MEzH4vItor64SD

    Score
    10/10
    bootkitpersistencebruteratelbackdoordiscoveryevasionspywarestealertrojan

    • Brute Ratel C4

      A customized command and control framework for red teaming and adversary simulation.

      backdoorbruteratel

    • Blocklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks whether UAC is enabled

      evasiontrojan

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Modify Registry

3
T1112

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks