General
-
Target
image.png
-
Size
7KB
-
Sample
240702-raxh9avhkf
-
MD5
8a5d9ed2e28fbd931a184e41c1bfc448
-
SHA1
656d42a076e16b272e98b0fdef7cfc97ab5ac007
-
SHA256
92d59f918083649917c9e4d5cc01ac75f7527dd55e5adbb4dcea3f72e5d11daa
-
SHA512
1bc48370209ddca6aa3ee4e2308a9a8d7e6943b0d206d8b18504c5e5c68e450668b6fc835f2594eec883c7413375209f38446856e4e9eb588ebd7ee8aaa50a97
-
SSDEEP
192:SzG/fIsAVahNR5rwQK+wetFt1Lzi5+CnxQ032zD:SzgEaffNc+1L4vxQ0YD
Static task
static1
Behavioral task
behavioral1
Sample
image.png
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
image.png
-
Size
7KB
-
MD5
8a5d9ed2e28fbd931a184e41c1bfc448
-
SHA1
656d42a076e16b272e98b0fdef7cfc97ab5ac007
-
SHA256
92d59f918083649917c9e4d5cc01ac75f7527dd55e5adbb4dcea3f72e5d11daa
-
SHA512
1bc48370209ddca6aa3ee4e2308a9a8d7e6943b0d206d8b18504c5e5c68e450668b6fc835f2594eec883c7413375209f38446856e4e9eb588ebd7ee8aaa50a97
-
SSDEEP
192:SzG/fIsAVahNR5rwQK+wetFt1Lzi5+CnxQ032zD:SzgEaffNc+1L4vxQ0YD
-
Modifies WinLogon for persistence
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3Pre-OS Boot
1Bootkit
1