General

Target: Toxic Tool v2.exe
Size: 125KB
Sample: 240723-wrb14avdma
MD5: 43377f23d320433968011c32860bc785
SHA1: f9116c2c2e45a14a6ebd2b5c70dcff69551fa565
SHA256: f29a44beb08b8f458f0df8ece25dd915017fc9db561daa4ea9b3b5e2d8b2b83c
SHA512: a10f1c063525eeca7f9d8ac37668d41c4cb457e27158189580f78d0827f7d419cb3728cfb2386298b2706cf3a28784bd7ae49615019c3fbb1d1097a7e8ddf93a
SSDEEP: 3072:y7DhdC6kzWypvaQ0FxyNTBfX2dMKYdHWOph1mSjVlGt:yBlkZvaF4NTB/9dHWeh1ba
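Before acting on anything in this report, confirm that the file you are holding is the sample it describes. The script below is an added example, not part of the report or of the sandbox's tooling: it takes the digests listed above as the reference set and recomputes them from file bytes. It uses the public FIPS test vector b"abc" as a constructed stand-in so it runs without the sample (pass a path as the first argument to check a real file), and it deliberately skips SSDEEP, since a fuzzy hash expresses similarity rather than identity.

```python
"""Verify that a file in hand is the sample this report describes.

Added example, not part of the sandbox report. The report's digests are the
reference set; each algorithm is compared independently and the file is only
accepted when all of them agree.
"""
import hashlib

# Digests copied from the report's General section.
REPORT_DIGESTS = {
    "md5": "43377f23d320433968011c32860bc785",
    "sha1": "f9116c2c2e45a14a6ebd2b5c70dcff69551fa565",
    "sha256": "f29a44beb08b8f458f0df8ece25dd915017fc9db561daa4ea9b3b5e2d8b2b83c",
    "sha512": "a10f1c063525eeca7f9d8ac37668d41c4cb457e27158189580f78d0827f7d419"
              "cb3728cfb2386298b2706cf3a28784bd7ae49615019c3fbb1d1097a7e8ddf93a",
}


def compute_digests(data: bytes) -> dict:
    """Return lowercase hex digests for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_DIGESTS}


def verify_sample(data: bytes, expected: dict = REPORT_DIGESTS) -> dict:
    """Compare each algorithm separately.

    Returns {"matches": {algo: bool}, "identical": bool}. One mismatch means
    this is not the report's sample; agreement on MD5 alone is not enough,
    because MD5 collisions are cheap to construct.
    """
    got = compute_digests(data)
    matches = {algo: got[algo] == expected[algo].lower() for algo in expected}
    return {"matches": matches, "identical": all(matches.values())}


# Constructed stand-in for a file: the FIPS test vector b"abc", whose digests
# are public, so the check can be exercised without the real sample.
SAMPLE_BYTES = b"abc"
SAMPLE_DIGESTS = {
    "md5": "900150983cd24fb0d6963f7d28e17f72",
    "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
    "sha256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
    "sha512": "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
              "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f",
}

if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else SAMPLE_BYTES
    result = verify_sample(data)
    for algo, ok in result["matches"].items():
        print(f"{algo:7s} {'match' if ok else 'MISMATCH'}")
    print("identical to report sample:", result["identical"])
```

Run without arguments it checks the constructed stand-in against the report and reports a mismatch on every algorithm, which is the expected result for any file other than the sample.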
Static task: static1
Behavioral task: behavioral1
  Sample: Toxic Tool v2.exe
  Resource: win10-20240611-en
Malware Config

Targets

Target: Toxic Tool v2.exe (125KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures

- Downloads MZ/PE file
- Drops file in Drivers directory
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Indicator Removal: File Deletion: adversaries may delete files left behind by the actions of their intrusion activity.
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.

Treat the MBR write as the highest-severity finding: persistence in the boot sector survives a reinstall of Windows on the same disk unless the boot sector itself is rewritten. The BIOS check means behaviour observed in a sandbox may be incomplete, since the sample can take a different path when it believes it is being analysed.
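The signatures above describe host behaviour that telemetry can catch outside the sandbox. As an added example, not the sandbox's own rule logic, the Python below runs a small stateful classifier over a handful of constructed Sysmon-style events (made up here to exercise each rule once; the PIDs, file names and dropped-file paths are not observed data from this sample) and reports which of the report's signatures they would raise, plus the ATT&CK IDs the report's mapping section assigns to the two signatures that appear there. The registry locations, drivers directory and raw-disk device name are the well-known targets of these behaviours in general. The three signatures that need network or static data (MZ/PE download, hosting-service abuse, Agile.Net detection) are out of scope for a host-event classifier and are not modelled.

```python
"""Stateful mapping of host telemetry to the signatures this report raised.

Added example, not part of the report or the sandbox's rule set. Events are
dicts with "pid" (the acting process), "op" and "target"; for ProcessCreate
and ImageLoad the acting pid is the process doing the launching or loading.
"""
import re

# Well-known locations these behaviours touch in general (not values taken
# from this sample).
BIOS_RE = re.compile(
    r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)$",
    re.I)
UNINSTALL_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
PHYSDRIVE_RE = re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.I)
DRIVERS_DIR = "\\system32\\drivers\\"
MBR_SIZE = 512  # sector 0 holds the MBR; a raw write inside it is a bootkit indicator

# IDs from ATT&CK Enterprise v15 for the two signatures that also appear in the
# report's ATT&CK section; the other signatures are not mapped there.
REPORT_ATTACK_IDS = {
    "Indicator Removal: File Deletion": "T1070.004",
    "Writes to the Master Boot Record (MBR)": "T1542.003",
}


def classify(events):
    """Return the set of report signature names the event stream would raise."""
    created = {}   # pid -> lowercased paths that process has written
    hits = set()
    for e in events:
        pid, op, target = e["pid"], e["op"], e["target"]
        t = target.lower()
        own = created.setdefault(pid, set())
        if op == "FileCreate":
            own.add(t)
            if DRIVERS_DIR in t:
                hits.add("Drops file in Drivers directory")
        elif op == "RegRead" and BIOS_RE.search(target):
            hits.add("Checks BIOS information in registry")
        elif op in ("RegRead", "RegEnumKey") and UNINSTALL_RE.search(target):
            hits.add("Checks installed software on the system")
        elif op == "FileDelete" and t in own:
            # Only deleting something the process itself wrote counts as
            # cleaning up its own artefacts; deleting other files is noise.
            hits.add("Indicator Removal: File Deletion")
        elif op == "RawWrite" and PHYSDRIVE_RE.match(target) and e.get("offset", 0) < MBR_SIZE:
            hits.add("Writes to the Master Boot Record (MBR)")
        elif op == "ProcessCreate" and t in own and t.endswith(".exe"):
            hits.add("Executes dropped EXE")
        elif op == "ImageLoad" and t in own and t.endswith(".dll"):
            hits.add("Loads dropped DLL")
    return hits


def attack_ids(hits):
    """ATT&CK technique IDs (report mapping only) for a set of signature hits."""
    return sorted(REPORT_ATTACK_IDS[h] for h in hits if h in REPORT_ATTACK_IDS)


# Constructed events: written by hand to exercise each rule once, plus benign
# noise from another process. Nothing here is observed data from the sample.
SAMPLE_IMAGE = r"C:\Users\user\Desktop\Toxic Tool v2.exe"
TEMP = r"C:\Users\user\AppData\Local\Temp"
SAMPLE_EVENTS = [
    {"pid": 4120, "image": SAMPLE_IMAGE, "op": "RegRead",
     "target": r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"},
    {"pid": 4120, "image": SAMPLE_IMAGE, "op": "RegEnumKey",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 4120, "image": SAMPLE_IMAGE, "op": "FileCreate", "target": TEMP + r"\stage.tmp"},
    {"pid": 4120, "image": SAMPLE_IMAGE, "op": "FileCreate", "target": TEMP + r"\dropped.exe"},
    {"pid": 4120, "image": SAMPLE_IMAGE, "op": "FileCreate", "target": TEMP + r"\helper.dll"},
    {"pid": 4120, "image": SAMPLE_IMAGE, "op": "ProcessCreate", "target": TEMP + r"\dropped.exe"},
    {"pid": 4120, "image": SAMPLE_IMAGE, "op": "ImageLoad", "target": TEMP + r"\helper.dll"},
    {"pid": 4120, "image": SAMPLE_IMAGE, "op": "FileCreate",
     "target": r"C:\Windows\System32\drivers\example.sys"},
    {"pid": 4120, "image": SAMPLE_IMAGE, "op": "RawWrite",
     "target": r"\\.\PhysicalDrive0", "offset": 0, "length": 512},
    {"pid": 4120, "image": SAMPLE_IMAGE, "op": "FileDelete", "target": TEMP + r"\stage.tmp"},
    # Benign: explorer reading a non-BIOS value and deleting a file it never wrote.
    {"pid": 700, "image": r"C:\Windows\explorer.exe", "op": "RegRead",
     "target": r"HKLM\HARDWARE\DESCRIPTION\System\Identifier"},
    {"pid": 700, "image": r"C:\Windows\explorer.exe", "op": "FileDelete",
     "target": r"C:\Users\user\Downloads\old.zip"},
]

if __name__ == "__main__":
    hits = classify(SAMPLE_EVENTS)
    for name in sorted(hits):
        print(f"[{REPORT_ATTACK_IDS.get(name, '-'):9s}] {name}")
```

The per-process "created" set is what keeps the file-deletion and dropped-executable rules from firing on ordinary activity: a process deleting a file it never wrote, or launching an executable it did not drop, produces no hit. A raw write to the physical drive beyond the first sector is likewise ignored, so only a write that can actually reach the MBR is flagged.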
MITRE ATT&CK Enterprise v15

The number after each entry is the report's hit count for that technique or sub-technique.

Privilege Escalation
  Abuse Elevation Control Mechanism (T1548): 1
    Bypass User Account Control (T1548.002): 1
Defense Evasion
  Abuse Elevation Control Mechanism (T1548): 1
    Bypass User Account Control (T1548.002): 1
  Impair Defenses (T1562): 1
    Disable or Modify Tools (T1562.001): 1
  Indicator Removal (T1070): 1
    File Deletion (T1070.004): 1
  Modify Registry (T1112): 3
  Pre-OS Boot (T1542): 1
    Bootkit (T1542.003): 1
  Subvert Trust Controls (T1553): 1
    Install Root Certificate (T1553.004): 1

Bypass User Account Control is listed under both tactics because ATT&CK assigns it to Privilege Escalation and Defense Evasion alike. Note that UAC bypass, tool tampering and root-certificate installation have no matching entry in the signature list above; the mapping is the only place this report records them.