General
- Target: Lobotomz.exe
- Size: 438KB
- Sample: 240921-yp19bazgpb
- MD5: f713bc9b842e94a0712a0dc0f3a58cce
- SHA1: d5c2dc86593248eac098a27e9c3ba6350f46a6fb
- SHA256: 337839269a3be5d60e52de93be53f93cab86a88cb6b331ab0d1322b32e17d83b
- SHA512: c4cef32f25527a984ac613b174bcba2996795526c328e00003977e090551f0accb2aef37838e75a474d92f760b97223324bab8bb0bf177d856d4d3b449d3099b
- SSDEEP: 1536:N1PbVOwHQGMoivnfOv7SzMFEIePmtu/Et7v1tEYMHGWpUrrWoOTJfuVmyLUQ7wVY:N1PbVvxeeMstW4rqDu7qY
Static task
- static1
Behavioral task
- behavioral1
- Sample: Lobotomz.exe
- Resource: win11-20240802-en
Malware Config
Targets
- Target: Lobotomz.exe (size and hashes as listed under General above)
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Modifies system executable filetype association
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Enterprise v15
- Persistence
  - Event Triggered Execution (2)
    - Change Default File Association (1)
    - Component Object Model Hijacking (1)
  - Pre-OS Boot (1)
    - Bootkit (1)
- Privilege Escalation
  - Event Triggered Execution (2)
    - Change Default File Association (1)
    - Component Object Model Hijacking (1)