infinitylock | ba580f566eff785f741c99a84877b6e867b8805210c91205b5bcd21a59fa7aeb | Triage

Submit
Reports

Overview

overview

Static

static

1

bitdefende...ee.exe

windows7-x64

bitdefende...ee.exe

windows10-1703-x64

6

bitdefende...ee.exe

windows10-2004-x64

6

bitdefende...ee.exe

windows11-21h2-x64

6

Resubmissions

08-08-2024 23:22

240808-3c2frswcmh 6

08-08-2024 18:12

240808-wte6jaxanr 10

Sharing

General

Target

bitdefender_avfree.exe
Size

14.1MB
Sample

240808-wte6jaxanr
MD5

fd1e2d74ee69d385ffe392de738a09a8
SHA1

cffdc38420d50f6d2672fc5c9c3267f12b8d08b8
SHA256

ba580f566eff785f741c99a84877b6e867b8805210c91205b5bcd21a59fa7aeb
SHA512

94352897ab620e1970ab895bc5372ddf188ef2d2878965b2ff54efbfc61ff5a15019fa6f96bebc7142a997ce625c6d6e3685aa972fbff2c18627fc7fc0e55890
SSDEEP

393216:eVyaXw17m887vq+vb7fmBWASpNuGNvHqmbeQ:yyaA17mfq+vb6WAooixf

Score

10^/10

infinitylock bootkit defense_evasion discovery persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

bitdefender_avfree.exe

Resource

win7-20240708-en

infinitylock bootkit defense_evasion discovery persistence ransomware

windows7-x64

32 signatures

1800 seconds

Behavioral task

behavioral2

Sample

bitdefender_avfree.exe

Resource

win10-20240404-en

discovery persistence

windows10-1703-x64

30 signatures

1800 seconds

Behavioral task

behavioral3

Sample

bitdefender_avfree.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

18 signatures

1800 seconds

Behavioral task

behavioral4

Sample

bitdefender_avfree.exe

Resource

win11-20240802-en

windows11-21h2-x64

16 signatures

1800 seconds

Malware Config

Targets

- Target
  
  bitdefender_avfree.exe
- Size
  
  14.1MB
- MD5
  
  fd1e2d74ee69d385ffe392de738a09a8
- SHA1
  
  cffdc38420d50f6d2672fc5c9c3267f12b8d08b8
- SHA256
  
  ba580f566eff785f741c99a84877b6e867b8805210c91205b5bcd21a59fa7aeb
- SHA512
  
  94352897ab620e1970ab895bc5372ddf188ef2d2878965b2ff54efbfc61ff5a15019fa6f96bebc7142a997ce625c6d6e3685aa972fbff2c18627fc7fc0e55890
- SSDEEP
  
  393216:eVyaXw17m887vq+vb7fmBWASpNuGNvHqmbeQ:yyaA17mfq+vb6WAooixf
Score

10^/10

infinitylock bootkit defense_evasion discovery persistence ransomware
- InfinityLock Ransomware
  Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
  ransomware infinitylock
- Drops file in Drivers directory
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
  persistence
- Downloads MZ/PE file
- Legitimate hosting services abused for malware hosting/C2
- Program crash
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Pre-OS Boot

Bootkit

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

infinitylockbootkitdefense_evasiondiscoverypersistenceransomware

behavioral2

discoverypersistence

behavioral3

behavioral4

© 2018-2024

Terms | Privacy