Overview

overview

10

Static

static

3

hl.exe

windows10-1703-x64

10

hl.exe

windows7-x64

10

hl.exe

windows10-2004-x64

10

hl.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    hl.exe

  • Size

    29.6MB

  • Sample

    240714-hrw5da1alm

  • MD5

    d5738b50bc6cf709f96cd9f9e7f4e50c

  • SHA1

    8b588497b7b67807fadf1834c16e9f554f7fbf4b

  • SHA256

    47e0da4442134986f0b78bc8a0161026b1bd77e748dbf2757eb711886b9f9c44

  • SHA512

    fdce18b94bd8ee5f63d9c87ceb6a79f9424eb3fd61c55add3414c065e7d91f9f94ba2ad4ce04fcd8d860887ce8617598413e171b34ad205b6068f16513197e24

  • SSDEEP

    786432:nmWxUTU+QOpwZS1nkZPLtghhtdK3hu0c:FIzGZakpLtghhtqpc

Score
10/10
bootkitevasionpersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      hl.exe

    • Size

      29.6MB

    • MD5

      d5738b50bc6cf709f96cd9f9e7f4e50c

    • SHA1

      8b588497b7b67807fadf1834c16e9f554f7fbf4b

    • SHA256

      47e0da4442134986f0b78bc8a0161026b1bd77e748dbf2757eb711886b9f9c44

    • SHA512

      fdce18b94bd8ee5f63d9c87ceb6a79f9424eb3fd61c55add3414c065e7d91f9f94ba2ad4ce04fcd8d860887ce8617598413e171b34ad205b6068f16513197e24

    • SSDEEP

      786432:nmWxUTU+QOpwZS1nkZPLtghhtdK3hu0c:FIzGZakpLtghhtqpc

    Score
    10/10
    bootkitevasionpersistenceprivilege_escalationtrojan

    • UAC bypass

      evasiontrojan

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks