General
Target: 2024-08-07_053bc2f48ebd02038c219f55462ae948_avoslocker_hijackloader_magniber_revil
Size: 5.6MB
Sample: 240807-njjrza1ejh
MD5: 053bc2f48ebd02038c219f55462ae948
SHA1: 054391d58bfb5860f7944bd00aa2a0084786addb
SHA256: 422fd6f376378ebb382843e9380b58f82aaa7a70a6587c4751f67fa291331bca
SHA512: cdf902d3296d6f70433db6d3917a8711ee66bc649ffacebd7b86da5cf56c157e633438fd8b9cb24297e1f4da08b631bf3a738e5590f6bda54fa42950ffb28410
SSDEEP: 98304:IeF0/sAT4mGfckjASn3ZCto1N1BpxgTuiN54AR6KPOvB/TmmU:LSsATN+V3k0pxMkARP4Q
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-08-07_053bc2f48ebd02038c219f55462ae948_avoslocker_hijackloader_magniber_revil.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: 2024-08-07_053bc2f48ebd02038c219f55462ae948_avoslocker_hijackloader_magniber_revil.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: 2024-08-07_053bc2f48ebd02038c219f55462ae948_avoslocker_hijackloader_magniber_revil
- Blocklisted process makes network request
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Event Triggered Execution: Component Object Model Hijacking: Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
MITRE ATT&CK Enterprise v15
Persistence
  Event Triggered Execution (2)
    Change Default File Association (1)
    Component Object Model Hijacking (1)
  Pre-OS Boot (1)
    Bootkit (1)
Privilege Escalation
  Event Triggered Execution (2)
    Change Default File Association (1)
    Component Object Model Hijacking (1)
Defense Evasion
  Modify Registry (3)
  Pre-OS Boot (1)
    Bootkit (1)
  Subvert Trust Controls (1)
    Install Root Certificate (1)