infinitylock | 05743be93aec4d652f17c2649b3426e153fa4ac7cd6db867b44ace379937252e | Triage

Submit
Reports

Overview

overview

Static

static

1

The-MALWARE-Repo

windows11-21h2-x64

Sharing

General

Target

The-MALWARE-Repo
Size

301KB
Sample

241111-2w1sxayerj
MD5

4f3201352d421524e9984b3c071ecbae
SHA1

856405b16215a482f6f6789e12cf45b571ccb8a6
SHA256

05743be93aec4d652f17c2649b3426e153fa4ac7cd6db867b44ace379937252e
SHA512

44e42d4085fcde5aac3af86dc2e505124a5fe481b51c5aee04b41976ee0d474b0f0cf19f72d8aa01526ecca46ce3d690163dc53b8e2c751ab486b202ca2d2ff8
SSDEEP

6144:xhoISpOL/saqkPV9FemLtcsDSsmwj9dvZJT3CqbMrhryf65NRPaCieMjAkvCJv1L:zoISpOL/saqkPV9FemLtcsDSsmwj9dvW

Score

10^/10

infinitylock aspackv2 bootkit defense_evasion discovery persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

The-MALWARE-Repo

Resource

win11-20241007-en

infinitylock aspackv2 bootkit defense_evasion discovery persistence ransomware

windows11-21h2-x64

25 signatures

300 seconds

Malware Config

Targets

- Target
  
  The-MALWARE-Repo
- Size
  
  301KB
- MD5
  
  4f3201352d421524e9984b3c071ecbae
- SHA1
  
  856405b16215a482f6f6789e12cf45b571ccb8a6
- SHA256
  
  05743be93aec4d652f17c2649b3426e153fa4ac7cd6db867b44ace379937252e
- SHA512
  
  44e42d4085fcde5aac3af86dc2e505124a5fe481b51c5aee04b41976ee0d474b0f0cf19f72d8aa01526ecca46ce3d690163dc53b8e2c751ab486b202ca2d2ff8
- SSDEEP
  
  6144:xhoISpOL/saqkPV9FemLtcsDSsmwj9dvZJT3CqbMrhryf65NRPaCieMjAkvCJv1L:zoISpOL/saqkPV9FemLtcsDSsmwj9dvW
Score

10^/10

infinitylock aspackv2 bootkit defense_evasion discovery persistence ransomware
- InfinityLock Ransomware
  Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
  ransomware infinitylock
- Infinitylock family
  infinitylock
- Downloads MZ/PE file
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

infinitylockaspackv2bootkitdefense_evasiondiscoverypersistenceransomware

© 2018-2024

Terms | Privacy