General
Target: 2024-06-12_17-25-16 (1).mkv
Size: 8.4MB
Sample: 240615-qaqj9svgpq
MD5: da618ecc84aeb8b3ecff4917fdaef79e
SHA1: 39a7d35196627e1dec8f4183d98db80cf5e6192e
SHA256: 6d0d28599bdae5e1be654c7e452fb52f3c6db970c21ec5659397756f53502f09
SHA512: af916975141ebbeb3f340d4d7f890dc910c2197eac92a5f7869c21f8348d665a2681e173eb148be29b16f4f99de11acf46d6e089dee747be6b36997352e21965
SSDEEP: 196608:lnFKfQM1EIl3cN8p7CldOqWqUzDuKpEfJQEjpXzj:lwL1EIyNyCOjbHuKEQEVjj

Static task: static1
Behavioral task: behavioral1
  Sample: 2024-06-12_17-25-16 (1).mkv
  Resource: win11-20240611-en
Malware Config
Targets
Target: 2024-06-12_17-25-16 (1).mkv
Score: 10/10

Signatures
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Downloads MZ/PE file
- Executes dropped EXE
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.

Despite the .mkv file name, the behaviours the sandbox recorded (PE download, execution of a dropped EXE, MBR write) are those of executable code, not of a media container; identify and block this sample by its hashes rather than by its extension.
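The three host-side indicators the signatures above name (Winlogon tampering, RegEdit/Task Manager lockout, MBR modification) can be checked offline from artifacts collected on a suspect machine. The script below is an added example for this report, not code from the sandbox or from the analysed sample. It assumes the standard locations those signature names refer to: the Shell and Userinit values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, the DisableRegistryTools and DisableTaskMgr DWORDs under the HKCU and HKLM ...\Policies\System keys, and a 512-byte MBR ending in the 0x55AA boot signature. The report does not show which exact values or sectors this sample wrote, so the .reg export and MBR images below are constructed for the demonstration, and the baseline hash stands in for a known-good bootstrap-code hash taken before infection.

```python
"""Offline triage for the behaviours this report flags: Winlogon tampering,
RegEdit/Task Manager lockout via Policies\\System, and MBR modification.
Inputs are a .reg export (as produced by `reg export`) and a raw 512-byte
MBR image, so it runs against artifacts pulled from a suspect host."""
import hashlib
import re

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
POLICY_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System",
)
# Stock values on a clean install; anything else is reported.
WINLOGON_DEFAULTS = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
}
LOCKOUT_VALUES = {"DisableRegistryTools": "RegEdit", "DisableTaskMgr": "Task Manager"}


def decode_reg_value(raw):
    """Decode the two .reg value forms used here: quoted strings and dword:XXXXXXXX."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escaping
    return raw


def parse_reg_export(text):
    """Minimal .reg parser: returns {key_path: {value_name: decoded_value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$', line)
        if m and current is not None:
            name = m.group(1) if m.group(1) is not None else "(Default)"
            keys[current][name] = decode_reg_value(m.group(3))
    return keys


def check_winlogon(keys):
    """Flag Shell/Userinit values that differ from the stock ones (case-insensitive)."""
    findings = []
    vals = keys.get(WINLOGON_KEY, {})
    for name, default in WINLOGON_DEFAULTS.items():
        actual = vals.get(name)
        if isinstance(actual, str) and actual.lower() != default.lower():
            findings.append(f"Winlogon\\{name} changed to {actual!r} (expected {default!r})")
    return findings


def check_tool_lockout(keys):
    """Flag non-zero DisableRegistryTools / DisableTaskMgr under either policy key."""
    findings = []
    for key in POLICY_KEYS:
        for value, tool in LOCKOUT_VALUES.items():
            if keys.get(key, {}).get(value, 0) != 0:
                findings.append(f"{tool} disabled: {key}\\{value}={keys[key][value]}")
    return findings


def check_mbr(mbr, baseline_sha256):
    """Check a raw MBR image: size, 55AA boot signature, and bootstrap-code hash
    against a baseline from the same machine (or golden image) before infection."""
    if len(mbr) != 512:
        return [f"MBR image is {len(mbr)} bytes, expected 512"]
    findings = []
    if mbr[510:] != b"\x55\xaa":
        findings.append("MBR boot signature 0x55AA missing")
    digest = hashlib.sha256(mbr[:446]).hexdigest()  # bootstrap code only, partition table excluded
    if digest != baseline_sha256:
        findings.append(f"MBR bootstrap code differs from baseline (sha256 {digest[:16]}...)")
    return findings


def triage(reg_text, mbr, baseline_sha256):
    keys = parse_reg_export(reg_text)
    return check_winlogon(keys) + check_tool_lockout(keys) + check_mbr(mbr, baseline_sha256)


# --- Constructed sample input (not taken from the report) ---------------------
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\update.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"DisableTaskMgr"=dword:00000001
"""


def make_mbr(bootstrap):
    return bootstrap.ljust(446, b"\x00") + bytes(64) + b"\x55\xaa"


CLEAN_MBR = make_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")  # stand-in for stock bootstrap code
BASELINE = hashlib.sha256(CLEAN_MBR[:446]).hexdigest()  # hypothetical pre-infection baseline
TAMPERED_MBR = make_mbr(b"\xeb\xfe" + b"X" * 40)       # bootstrap overwritten, signature intact

if __name__ == "__main__":
    for finding in triage(SAMPLE_REG, TAMPERED_MBR, BASELINE):
        print("[!]", finding)
```

The bootstrap hash is compared rather than pattern-matched because a bootkit's code is arbitrary; what is stable is the 446 bytes the OS installer wrote, so take the baseline from a trusted image of the same build. A valid 0x55AA signature proves nothing on its own, which is why the tampered image above still carries it.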
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Boot or Logon Autostart Execution (1): Winlogon Helper DLL (1)
- Pre-OS Boot (1): Bootkit (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1): Winlogon Helper DLL (1)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)

Defense Evasion
- Modify Registry (3)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (1): Disable or Modify Tools (1)
- Pre-OS Boot (1): Bootkit (1)