General
Target: Virus2(2).iso
Size: 1.5MB
Sample: 241112-1xp75avrbm
MD5: 4574c69067151fe92985b3ce8f967ce9
SHA1: 09b0d4852e19f4ac68d9cc354de9f192dfa329ed
SHA256: c700076cbed01f98864f88477bc438eaa83a5680b094357c34a23966712ed453
SHA512: 774bc74e0bfe832f0b57c8e3e738cd0154ca47a00151f9109c5fe43197c4e8a9c50876c5b0a637eeff0c54918a4739f20312430d0a8fb76adb5a8a388e9faf7e
SSDEEP: 24576:E7zoWJchffi8qV9GKgjaeCrVZcTNdt7nGGHlOi9E3AAqzM5:E7ki8qVwFBCoNdt7BHlOi9E3AAqzQ
Static task: static1

Behavioral tasks:
- behavioral1: sample Chorume.exe, resource win11-20241007-en
- behavioral2: sample Holmium1.01.exe, resource win11-20241007-en
- behavioral3: sample Holzer.exe, resource win11-20241007-en
- behavioral4: sample MEMZ.exe, resource win11-20241007-en
- behavioral5: sample Monoxide.exe, resource win11-20241007-en
- behavioral6: sample Protactinium.exe, resource win11-20241007-en
- behavioral7: sample Ruthenium.exe, resource win11-20241007-en
- behavioral8: sample tin.exe, resource win11-20241007-en
Malware Config

Targets

Target: Chorume.exe
Size: 422KB
MD5: 9899401ba1c823c128e959d7de3ab5f6
SHA1: 7d920fcc6a51b0fb4e66e7024dae1280b56a3297
SHA256: f9cbd2d541ac93c7d573d190fa11614e0d15da6256c5a941725d2bd55b2d6ab9
SHA512: 66bd7a34a7229a3d632ae86487fa2dd9ef2cf14e5faffddb5f82ba9243928d8daf50a3151827561b0a587a6850ea7c515434f7de621f2158ccddae217b92fe6f
SSDEEP: 6144:siprubKo5yzKaE4EwP0fKb8TvnewbDAbMPQXIKGKg+kfgEHAy0m9N74gGoAGu3:silubKaqW9wuKb8TPeUkN9GKgTfa83C
Score: 6/10
Signatures:
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
Target: Holmium1.01.exe
Size: 126KB
MD5: c5bff96cabce5fdaad88d58dfe16ca96
SHA1: 8607363137418ebe82c005d6f585f4a385be460d
SHA256: 763b04a88559fd1ef98c45c528ea034a646f5a3109512d88ae86b2eae8b10388
SHA512: 8280ad4e795b51c2c2ef281c214c74f36fae2f175662af761884d304803a4741a608d99cddbea4903dbc63604750c1cfd3794320bb44d4ce56a5a236ac1cb9b0
SSDEEP: 3072:2z/euuBVs2wtfDCXJHrs6JfYjbI/O6YHSDJY4M:auBVyO66Yt
Score: 8/10
Signatures:
- Disables Task Manager via registry modification
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
Target: Holzer.exe
Size: 135KB
MD5: c971c68b4e58ccc82802b21ae8488bc7
SHA1: 7305f3a0a0a0d489e0bcf664353289f61556de77
SHA256: cede0b15d88c20bc750b516858f8bf31ee472f6cbd01640840890736c4333cce
SHA512: ff199691c35f2748772410bf454e8b76dd67d892dd76fc87d20b3bbe6c145c6af1685344de636326692df792f55d0fba9a0025a7cf491d0b4e73ff45c3b039d7
SSDEEP: 3072:2EYGNIaWY/0kTKxIJXtJ0YCHiQtSetFITTTTTHvvvvvNKB:HN5TKvr9PuKB
Signatures:
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.
- Modifies file permissions
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
Target: MEMZ.exe
Size: 16KB
MD5: 1d5ad9c8d3fee874d0feb8bfac220a11
SHA1: ca6d3f7e6c784155f664a9179ca64e4034df9595
SHA256: 3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
SHA512: c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1
SSDEEP: 192:M2WgyvSW8gRc6olcIEiwqZKBkDFR43xWTM3LHf26gFrcx3sNq:JWgnSmFlcIqq3agmLH+6gF23sN
Score: 7/10
Signatures:
- A potential corporate email address has been identified in the URL: [email protected]
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
Target: Monoxide.exe
Size: 285KB
MD5: 2d86c59f442d667212cf3b69967fe891
SHA1: 0d686590ad41c4fff6323c1712f95eb58b628f99
SHA256: 6fb7cefd67ceb6573e47e0401f90496fe6c7555c7969120158d65deb1ee75a62
SHA512: 955a38631738ac0c01784878e9b62ae589a8651a632c9da425ef6c08ad3e19abe3ae1f2e175a57774a6cb04162dc0eda6889cf8ed9c7040f0c15dc0b0692a0a5
SSDEEP: 3072:8ggtCunocB7XmfOZBGpjka+q10UGuBNFndQ8333AlOi9E3AAqgm2Jy6t:TcB7X6OnGpjkyD3nOHlOi9E3AAqgmM5
Score: 3/10
Target: Protactinium.exe
Size: 43KB
MD5: f6aa0dd947ff84db2c0e991aab776dcc
SHA1: 73d377c8d4b7d04ac9fd6c47d74491d76ca6cf6e
SHA256: 2ab5f10366ebad9e4af9369730495a6bd48ad278e78f880a54d583024491786d
SHA512: 3d81ae0131c6fc531d0592259d5cf7296aa61487de785e5b534a696867ae9ef8abae19aa1b938a62db6492af38829dfdbeb7da0d69ba2253b26cb8dd41d8bc83
SSDEEP: 384:1bGThpZmtWqjV0rABs4q56hDLApNEKYZWVOggl6k4+jQukJs0yjW:1bSutWvkBsXqApNTuB/7jeRH
Score: 8/10
Signatures:
- Disables RegEdit via registry modification
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
Target: Ruthenium.exe
Size: 36KB
MD5: a1f174ce74dbe0e84e2c2964b29de0fd
SHA1: d4dd4b86ec50b2ea2519f5472642d30301e20aa3
SHA256: 5066c3a750eb6f07addf5cee1e6b00894c52e1c4fbf1702befcd5ac9bf1d83f3
SHA512: 41edeab57b55b74a22ac46814f985a78704b35c14d330d5264765ce9a22d19762659a47cfce13fcef28f322ed0a018976585dd65270690422b64b4860a2ecd31
SSDEEP: 384:x6j2tyffbHj9X8EY5Z3absnexUDoRGAGYk2zWfAozcQcgJgyBkAg+jdGb90kGj:SDD9hYbqbhFZkeWoecuiATjXp
Score: 8/10
Signatures:
- Disables Task Manager via registry modification
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
Target: tin.exe
Size: 439KB
MD5: b3edc0708fb191e2d3016c68585ed31e
SHA1: ab1ce0cb2a819b82206dc1e922e97b284b585d17
SHA256: c9fffa589040d8a6d22285255604948ff3bb3efa7077c776b6b09272bc293b7d
SHA512: 77b67f4cf6344f56e20172357831497c6ae4ff57c5a852762437419a7e5819805e10098dc87f90e937cf7603b72a94e6cf66681e1602974355fae8644b2a42dc
SSDEEP: 12288:WHt2oRiGYi03velDeWJcqLofSfAuyOrC:c7zoWJchf
Score: 6/10
Signatures:
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Enterprise v15 (technique, number of matching signatures in parentheses)

Persistence
- Event Triggered Execution (1)
  - Accessibility Features (1)
- Power Settings (1)
- Pre-OS Boot (1)
  - Bootkit (1)

Privilege Escalation
- Access Token Manipulation (1)
  - Create Process with Token (1)
- Event Triggered Execution (1)
  - Accessibility Features (1)

Defense Evasion
- Access Token Manipulation (1)
  - Create Process with Token (1)
- File and Directory Permissions Modification (1)
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Modify Registry (2)
- Pre-OS Boot (1)
  - Bootkit (1)
- Subvert Trust Controls (1)
  - SIP and Trust Provider Hijacking (1)

Discovery
- Browser Information Discovery (1)
- Peripheral Device Discovery (2)
- Query Registry (4)
- Remote System Discovery (1)
- System Information Discovery (5)
- System Location Discovery (1)
  - System Language Discovery (1)
- System Network Configuration Discovery (1)
  - Internet Connection Discovery (1)