General

Target
983feeba8559708cdf24ccfe95e6b500N

Size
1.4MB

Sample
240908-bbsnpaxfmd

MD5
983feeba8559708cdf24ccfe95e6b500

SHA1
0284cd93330c39a56517c0524b58f99bae212e05

SHA256
f2c407fd5807bfef519782f4a1ddb692e517253458038af8cb95afa1c9d12867

SHA512
f69524363cd51da69ca2cc46f83b8cfb743aa3db1eff0041a0e3106ac2a1f40e7886a21813bb23f45fef46777c490dacfc20cce76ca6b76738786785045884a1

SSDEEP
24576:cFOa8YUyYp231mT6lq7UM4nM2dNR0iTgk22FyDbJ7wDS+eUZ:smwmTSWUMIM2p0iTgkf4V7rUZ

Behavioral task
behavioral1
Sample
983feeba8559708cdf24ccfe95e6b500N.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
983feeba8559708cdf24ccfe95e6b500N.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Score
10/10

Modifies visibility of hidden/system files in Explorer

r77 rootkit payload
Detects the payload of the r77 rootkit.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Scheduled Task (1)

Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Scheduled Task (1)