6e6b500282215f414c256b268d605d45129b183b3acfb3b386f6580979e5e388 | Triage

Sharing

General

Target

2024-05-22_ed3a87eafd5bc16bc86d46c5d0627b7b_avoslocker
Size

4.3MB
Sample

240522-c5y81ahg23
MD5

ed3a87eafd5bc16bc86d46c5d0627b7b
SHA1

64267d8958a84fa386ecd7c76776ea1426a0ae27
SHA256

6e6b500282215f414c256b268d605d45129b183b3acfb3b386f6580979e5e388
SHA512

40b9cef634df8e3819d517d915926a172da4809a587d3c5c974dfc66f89c01fe254eb20a4bc5e84d35ae800e02b8dce72c1d3eb8909c624cfdf210d4f9ac1adf
SSDEEP

98304:fO/RG67kIN84klIci68xyDC2YmoieSoaSiHFnI6ts3/:i724kDi6s2YBieS96/

Score

8^/10

bootkit evasion persistence trojan

Malware Config

Targets

- Target
  
  2024-05-22_ed3a87eafd5bc16bc86d46c5d0627b7b_avoslocker
- Size
  
  4.3MB
- MD5
  
  ed3a87eafd5bc16bc86d46c5d0627b7b
- SHA1
  
  64267d8958a84fa386ecd7c76776ea1426a0ae27
- SHA256
  
  6e6b500282215f414c256b268d605d45129b183b3acfb3b386f6580979e5e388
- SHA512
  
  40b9cef634df8e3819d517d915926a172da4809a587d3c5c974dfc66f89c01fe254eb20a4bc5e84d35ae800e02b8dce72c1d3eb8909c624cfdf210d4f9ac1adf
- SSDEEP
  
  98304:fO/RG67kIN84klIci68xyDC2YmoieSoaSiHFnI6ts3/:i724kDi6s2YBieS96/
Score

8^/10

bootkit evasion persistence trojan
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitevasionpersistencetrojan

behavioral2

bootkitevasionpersistencetrojan