Overview

overview

10

Static

static

1

Infernus.bat

windows7-x64

1

Infernus.bat

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    Infernus.zip

  • Size

    2KB

  • Sample

    240811-tna9aawhnn

  • MD5

    1dfc3fb2abb8cdd708549d4b1e7924d5

  • SHA1

    bec946c04cb15334c8f68907bc0f4d4eea0e819a

  • SHA256

    fc8c1e604709e9c5be5daf7f41675bbe76b9346edc5517a79981db3338c569a1

  • SHA512

    ee9305838aa0e00d4cc2452a306d177ced68a5f9c551143152aae6b0dd6aa925bd6e52dcccfc6e8c4b5440454507caeaff5fa58ef786ae652163eeac364136b0

Score
10/10
defense_evasionevasionpersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      Infernus.bat

    • Size

      11KB

    • MD5

      4be987c8ffb71adbf927af14f391e362

    • SHA1

      447ab7ca2af043bcdaa585ee31be58cef42c74c0

    • SHA256

      a5d4950f36e2b73288d5c17f27f762466d50b4ffa39a1b9303c19ebfbee0e884

    • SHA512

      6620859c9085dc2b407c77940b2bb8f95c229b186a2ec20c1068660d6008e6883a2cfc1362774712ed4f62d3119a60dcbdf5df09910b345b2b6702d731931bd2

    • SSDEEP

      96:n2eaW+6+ZB5iDPDqNtO1qtQnyKRYn0KYbWLM6Xn9RSWRMclgz/wwfKlnHl0AHNr/:n2eaW+6+ZB5iDPDqN7eSRyst2wXyHp0

    Score
    10/10
    defense_evasionevasionpersistenceprivilege_escalationtrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Modifies security service

      evasion

    • Modifies Windows Firewall

      evasion

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies Security services

      Modifies the startup behavior of a security service.

      defense_evasion
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

3
T1543

Windows Service

3
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

3
T1543

Windows Service

3
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Impair Defenses

3
T1562

Disable or Modify System Firewall

1
T1562.004

Disable or Modify Tools

1
T1562.001

Modify Registry

4
T1112

Credential Access

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

3
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks