Overview

overview

10

Static

static

1

ToX_Free_U....8.bat

windows7-x64

1

ToX_Free_U....8.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ToX_Free_Utility_v1.8.bat

  • Size

    96KB

  • Sample

    240911-ng577ayamd

  • MD5

    77833823ecd3754d0099e019f7e885d0

  • SHA1

    e65494c444f7c42032372a09e1179c6f6950ae24

  • SHA256

    26f07e440dfd3b8b410fdd75ec04595b79c57e8be2a13c14dd746840ff33983c

  • SHA512

    52f951f9f253af8499538d810f53242f32c24c7f6b27d8ef76abf2c8c8b1c8e7d31e0b3a7c52ad70fdd1f41a54fa023b21fde7bea24942fa6bf61afb4dd95547

  • SSDEEP

    768:SXQO3gNjy0y7PHYW9CyptHDXxRSyeVlEeOh/853gzI1vavQw8gsQmVHQQCHQVbOy:GQTgvptHriyd017wIUS

Score
10/10
evasionexecutionpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      ToX_Free_Utility_v1.8.bat

    • Size

      96KB

    • MD5

      77833823ecd3754d0099e019f7e885d0

    • SHA1

      e65494c444f7c42032372a09e1179c6f6950ae24

    • SHA256

      26f07e440dfd3b8b410fdd75ec04595b79c57e8be2a13c14dd746840ff33983c

    • SHA512

      52f951f9f253af8499538d810f53242f32c24c7f6b27d8ef76abf2c8c8b1c8e7d31e0b3a7c52ad70fdd1f41a54fa023b21fde7bea24942fa6bf61afb4dd95547

    • SSDEEP

      768:SXQO3gNjy0y7PHYW9CyptHDXxRSyeVlEeOh/853gzI1vavQw8gsQmVHQQCHQVbOy:GQTgvptHriyd017wIUS

    Score
    10/10
    evasionexecutionpersistenceransomwaretrojan

    • UAC bypass

      evasiontrojan

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Event Triggered Execution

1
T1546

Image File Execution Options Injection

1
T1546.012

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Event Triggered Execution

1
T1546

Image File Execution Options Injection

1
T1546.012

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

2
T1562

Disable or Modify Tools

2
T1562.001

Modify Registry

3
T1112

Credential Access

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

2
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

1
T1490

Tasks