General
-
Target
Trojan.GuestVirus.exe
-
Size
254KB
-
Sample
241109-s3flwaxcng
-
MD5
5aaa262b518a3417e028e001152c9236
-
SHA1
6d1cda51302d760509822b502a8f980537d17cb0
-
SHA256
d4682419f76d71b863481d6e17ae0ed0cbbf06581aa2480ed304c66dd9072b5b
-
SHA512
722d7c1a4f87c10f34e6500d1712414f159da8ca9cb02b0b9f44f8df717345cbff473cfe5c486837ad6c9e2487677c7e22c2974f7c36c320a83ffc16812ffbca
-
SSDEEP
3072://w6PYqco8r88P7kHLWwZSO1qPZg6QpakmTjG0efuiWFExDYp1:1PYM8orWwgBeVuNpp1
Static task
static1
Behavioral task
behavioral1
Sample
Trojan.GuestVirus.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
Trojan.GuestVirus.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
Trojan.GuestVirus.exe
-
Modifies boot configuration data using bcdedit
bcdedit.exe edits the Boot Configuration Data store read by the Windows Boot Manager. Settings changed there (boot entries, recovery and boot-status options, signing and integrity-check flags) take effect on the next boot and stay in place until reverted with bcdedit or from recovery media.
-
Disables RegEdit via registry modification
Windows honours the DisableRegistryTools policy value under Software\Microsoft\Windows\CurrentVersion\Policies\System; once it is set, regedit.exe refuses to start for that user, which blocks manual inspection and clean-up of the sample's other registry changes.
-
Disables Task Manager via registry modification
The DisableTaskMgr policy value under the same Policies\System key stops the user from opening Task Manager to inspect or end the running process.
-
Modifies Windows Firewall
Changing firewall rules or profile state (through netsh, the Windows Firewall API or the FirewallPolicy registry keys) can permit inbound or outbound traffic that the default configuration would block.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
System Binary Proxy Execution: Verclsid
Adversaries may abuse Verclsid to proxy execution of malicious code. verclsid.exe is a Microsoft-signed binary that validates a shell extension by instantiating the COM object for a supplied CLSID, so a COM server registered by the sample runs inside a trusted, signed process.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system. Because the MBR occupies the first sector of the disk rather than a file on the system volume, cleaning or reinstalling files on C: leaves it in place; it has to be rewritten (for example with bootrec /fixmbr from recovery media) or the disk reimaged.
-
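To verify the last signature on a suspect machine, read sector 0 and compare it with a known-good copy. The parser below is an added example written for this page, not code from the report or the sandbox: it splits a 512-byte MBR into boot code, disk signature and partition table, hashes the boot-code region and reports deviations from a baseline. The clean and tampered sectors are constructed inside the block (the boot code is a stand-in prologue, not real boot code), and load_mbr is a helper for reading a disk image or raw device that is likewise not part of the report.

```python
"""Parse a 512-byte Master Boot Record and compare its boot code with a
known-good baseline; the check a responder runs when a report flags
'Writes to the MBR'. Added example, not code from the report."""
import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439 hold the boot code a bootkit overwrites
DISK_SIG_OFF = 440            # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446          # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def load_mbr(path: str) -> bytes:
    """Read the first sector of a disk image, or of a raw device such as
    r'\\.\PhysicalDrive0' on Windows (needs administrator rights)."""
    with open(path, "rb") as f:
        return f.read(MBR_SIZE)


def build_mbr(boot_code: bytes, partitions: list[tuple[int, int, int, int]],
              disk_sig: int = 0x1234ABCD) -> bytes:
    """Assemble an MBR from boot code and (status, type, lba, sectors) tuples.
    CHS fields are left zero; modern loaders use the LBA fields."""
    buf = bytearray(boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN])
    buf += struct.pack("<I", disk_sig) + b"\x00\x00"
    for i in range(4):
        if i < len(partitions):
            status, ptype, lba, sectors = partitions[i]
            buf += struct.pack("<B3xB3xII", status, ptype, lba, sectors)
        else:
            buf += b"\x00" * PART_ENTRY_LEN
    buf += BOOT_SIGNATURE
    assert len(buf) == MBR_SIZE
    return bytes(buf)


def parse_partitions(mbr: bytes) -> list[Partition]:
    """Decode the four partition slots, skipping empty ones (type 0)."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, ptype, lba, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue
        parts.append(Partition(i, status == 0x80, ptype, lba, sectors))
    return parts


def boot_code_sha256(mbr: bytes) -> str:
    """Hash only the boot-code region; the partition table legitimately differs per disk."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def assess_mbr(mbr: bytes, baseline_sha256: str) -> dict:
    """Return the boot-code hash, parsed partitions and a list of findings."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    digest = boot_code_sha256(mbr)
    if digest != baseline_sha256:
        findings.append("boot code differs from baseline")
    parts = parse_partitions(mbr)
    if sum(p.bootable for p in parts) > 1:
        findings.append("more than one active partition")
    return {"boot_code_sha256": digest, "partitions": parts, "findings": findings}


# Constructed stand-ins for this example, not data from the report: the boot
# code is a typical MBR prologue (cli; xor ax,ax; mov ss,ax; mov sp,0x7C00 ...)
# padded with zeros, with one active NTFS partition starting at LBA 2048.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8"
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, [(0x80, 0x07, 2048, 1_000_000)])
BASELINE_SHA256 = boot_code_sha256(CLEAN_MBR)
# Simulated bootkit write: the first instruction now jumps elsewhere in the sector.
TAMPERED_MBR = b"\xeb\x3c" + CLEAN_MBR[2:]

if __name__ == "__main__":
    for label, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        result = assess_mbr(sector, BASELINE_SHA256)
        print(label, result["boot_code_sha256"][:16], result["findings"])
```

On a live system, take the baseline hash from a known-clean machine with the same Windows build (the stock boot code is identical across disks) and run assess_mbr over load_mbr(r"\\.\PhysicalDrive0"); a disk converted to GPT carries a protective MBR whose single 0xEE partition is not marked active, which is why only more than one active partition is flagged.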
MITRE ATT&CK Enterprise v15
(number of matched signatures in parentheses, as reported)
-
Persistence
Create or Modify System Process, T1543 (2)
  Windows Service, T1543.003 (2)
Event Triggered Execution, T1546 (1)
  Netsh Helper DLL, T1546.007 (1)
Pre-OS Boot, T1542 (1)
  Bootkit, T1542.003 (1)
-
Privilege Escalation
Abuse Elevation Control Mechanism, T1548 (1)
  Bypass User Account Control, T1548.002 (1)
Create or Modify System Process, T1543 (2)
  Windows Service, T1543.003 (2)
Event Triggered Execution, T1546 (1)
  Netsh Helper DLL, T1546.007 (1)
-
Defense Evasion
Abuse Elevation Control Mechanism, T1548 (1)
  Bypass User Account Control, T1548.002 (1)
Impair Defenses, T1562 (3)
  Disable or Modify System Firewall, T1562.004 (1)
  Disable or Modify Tools, T1562.001 (1)
Indicator Removal, T1070 (1)
  File Deletion, T1070.004 (1)
Modify Registry, T1112 (2)
Pre-OS Boot, T1542 (1)
  Bootkit, T1542.003 (1)
System Binary Proxy Execution, T1218 (1)
  Verclsid, T1218.012 (1)
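The behaviours and techniques listed in this report are the kind of thing a responder wants to pull automatically out of a sandbox's registry-write and process-start events. The following is an added example, not code from the report or from the sandbox vendor: a small rule set that tags such events with the technique IDs from the table above. The event records in SAMPLE_EVENTS are constructed for the example; the Policies\System, FirewallPolicy, NetSh and Services key names are the standard Windows locations for those settings, and the T1490 tag for recovery-disabling bcdedit options is this example's own mapping, not one that appears in the report.

```python
"""Tag sandbox registry and process events with the ATT&CK techniques from the
report. Added example; the rules and sample events are constructed here."""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class RegWrite:
    key: str        # e.g. r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    value: str
    data: object    # int for REG_DWORD, str for REG_SZ


@dataclass(frozen=True)
class ProcessStart:
    image: str      # basename of the executable
    cmdline: str


@dataclass(frozen=True)
class Finding:
    technique: str  # MITRE ATT&CK ID, or "n/a" when the report signature has no ID
    name: str
    evidence: str


_HIVES = {"hkey_current_user": "hkcu", "hkey_local_machine": "hklm"}
_ZERO = (0, "0")


def _norm_key(key: str) -> str:
    """Lower-case the path and shorten long hive names so rules match either form."""
    k = key.lower().replace("/", "\\")
    for long, short in _HIVES.items():
        if k.startswith(long):
            k = short + k[len(long):]
    return k


def check_registry(ev: RegWrite) -> list[Finding]:
    key, val = _norm_key(ev.key), ev.value.lower()
    evid = f"{ev.key}\\{ev.value} = {ev.data!r}"
    out = []
    if key.endswith(r"\policies\system"):
        # Explorer/RegEdit/Task Manager policies and the UAC switches live here.
        if val in ("disableregistrytools", "disabletaskmgr") and ev.data not in _ZERO:
            out.append(Finding("T1562.001", "Disable or Modify Tools", evid))
        if (val == "enablelua" and ev.data in _ZERO) or \
           (val == "consentpromptbehavioradmin" and ev.data in _ZERO):
            out.append(Finding("T1548.002", "Bypass User Account Control", evid))
    if "\\sharedaccess\\parameters\\firewallpolicy\\" in key and val == "enablefirewall" \
            and ev.data in _ZERO:
        out.append(Finding("T1562.004", "Disable or Modify System Firewall", evid))
    if key == r"hklm\software\microsoft\netsh":
        # Any value here names a DLL that netsh.exe loads on every start.
        out.append(Finding("T1546.007", "Netsh Helper DLL", evid))
    if re.match(r"hklm\\system\\(currentcontrolset|controlset\d+)\\services\\[^\\]+$", key) \
            and val == "imagepath":
        out.append(Finding("T1543.003", "Windows Service", evid))
    if out:
        out.append(Finding("T1112", "Modify Registry", evid))
    return out


def check_process(ev: ProcessStart) -> list[Finding]:
    img, cmd, evid = ev.image.lower(), ev.cmdline.lower(), ev.cmdline
    out = []
    if img == "bcdedit.exe":
        # T1490 is this example's mapping for the recovery-disabling options; the
        # report itself only records "modifies boot configuration data".
        if re.search(r"recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures", cmd):
            out.append(Finding("T1490", "Inhibit System Recovery (bcdedit)", evid))
        else:
            out.append(Finding("n/a", "Modifies boot configuration data (bcdedit)", evid))
    elif img == "netsh.exe":
        if "firewall" in cmd:
            out.append(Finding("T1562.004", "Disable or Modify System Firewall", evid))
        if re.search(r"\badd\s+helper\b", cmd):
            out.append(Finding("T1546.007", "Netsh Helper DLL", evid))
    elif img == "verclsid.exe":
        out.append(Finding("T1218.012", "Verclsid", evid))
    elif img == "sc.exe" and re.search(r"\bcreate\b", cmd):
        out.append(Finding("T1543.003", "Windows Service", evid))
    elif img == "cmd.exe" and re.search(r"\b(del|erase)\b", cmd):
        out.append(Finding("T1070.004", "File Deletion", evid))
    return out


def triage(events) -> list[Finding]:
    findings = []
    for ev in events:
        if isinstance(ev, RegWrite):
            findings.extend(check_registry(ev))
        elif isinstance(ev, ProcessStart):
            findings.extend(check_process(ev))
    return findings


def technique_counts(findings) -> dict[str, int]:
    return dict(Counter(f.technique for f in findings))


# Constructed events for this example; they are not taken from the report.
SAMPLE_EVENTS = [
    RegWrite(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools", 1),
    RegWrite(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", 1),
    RegWrite(r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile",
             "EnableFirewall", 0),
    RegWrite(r"HKLM\SOFTWARE\Microsoft\NetSh", "helper", r"C:\Users\Public\helper.dll"),
    RegWrite(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "Hidden", 1),  # benign
    ProcessStart("bcdedit.exe", "bcdedit /set {default} recoveryenabled No"),
    ProcessStart("verclsid.exe", "verclsid.exe /S /C"),
    ProcessStart("cmd.exe", 'cmd.exe /c del /q "C:\\Users\\Public\\dropper.tmp"'),
    ProcessStart("cmd.exe", "cmd.exe /c dir"),  # benign
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.technique:10} {f.name:40} {f.evidence}")
```

Feed it the registry and process sections of a sandbox JSON export (or Sysmon event IDs 1 and 13 from a host) converted into RegWrite and ProcessStart records; the same policy values can be verified directly on a machine with reg query on the keys named above.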