General

  • Target

    Trojan.GuestVirus.exe

  • Size

    254KB

  • Sample

    241109-s3flwaxcng

  • MD5

    5aaa262b518a3417e028e001152c9236

  • SHA1

    6d1cda51302d760509822b502a8f980537d17cb0

  • SHA256

    d4682419f76d71b863481d6e17ae0ed0cbbf06581aa2480ed304c66dd9072b5b

  • SHA512

    722d7c1a4f87c10f34e6500d1712414f159da8ca9cb02b0b9f44f8df717345cbff473cfe5c486837ad6c9e2487677c7e22c2974f7c36c320a83ffc16812ffbca

  • SSDEEP

    3072://w6PYqco8r88P7kHLWwZSO1qPZg6QpakmTjG0efuiWFExDYp1:1PYM8orWwgBeVuNpp1

Malware Config

Targets

    • UAC bypass

    • Modifies boot configuration data using bcdedit

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • Stops running service(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • System Binary Proxy Execution: Verclsid

      Adversaries may abuse Verclsid to proxy execution of malicious code.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks