6e6b500282215f414c256b268d605d45129b183b3acfb3b386f6580979e5e388 | Triage

Sharing

General

Target

2024-05-22_ed3a87eafd5bc16bc86d46c5d0627b7b_avoslocker
Size

4.3MB
Sample

240522-c5y81ahg23
MD5

ed3a87eafd5bc16bc86d46c5d0627b7b
SHA1

64267d8958a84fa386ecd7c76776ea1426a0ae27
SHA256

6e6b500282215f414c256b268d605d45129b183b3acfb3b386f6580979e5e388
SHA512

40b9cef634df8e3819d517d915926a172da4809a587d3c5c974dfc66f89c01fe254eb20a4bc5e84d35ae800e02b8dce72c1d3eb8909c624cfdf210d4f9ac1adf
SSDEEP

98304:fO/RG67kIN84klIci68xyDC2YmoieSoaSiHFnI6ts3/:i724kDi6s2YBieS96/

Score

8^/10

bootkit evasion persistence trojan

Malware Config

Targets

- Target
  
  2024-05-22_ed3a87eafd5bc16bc86d46c5d0627b7b_avoslocker
- Size
  
  4.3MB
- MD5
  
  ed3a87eafd5bc16bc86d46c5d0627b7b
- SHA1
  
  64267d8958a84fa386ecd7c76776ea1426a0ae27
- SHA256
  
  6e6b500282215f414c256b268d605d45129b183b3acfb3b386f6580979e5e388
- SHA512
  
  40b9cef634df8e3819d517d915926a172da4809a587d3c5c974dfc66f89c01fe254eb20a4bc5e84d35ae800e02b8dce72c1d3eb8909c624cfdf210d4f9ac1adf
- SSDEEP
  
  98304:fO/RG67kIN84klIci68xyDC2YmoieSoaSiHFnI6ts3/:i724kDi6s2YBieS96/
Score

8^/10

bootkit evasion persistence trojan
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistencetrojan

behavioral2

bootkitevasionpersistencetrojan