8d4fa3aabd1d93977ae1c6460c8e7ccf8f00d97bb1e285764a04b99ba5f68428 | Triage

Sharing

General

Target

2024-11-20_a10cfdaf5ca2c9abc2c2e3f7b1274c8a_avoslocker_luca-stealer
Size

4.5MB
Sample

241120-cz3n8stkhm
MD5

a10cfdaf5ca2c9abc2c2e3f7b1274c8a
SHA1

f5507cffc3933c9cf096d253f9f4efd092b59d69
SHA256

8d4fa3aabd1d93977ae1c6460c8e7ccf8f00d97bb1e285764a04b99ba5f68428
SHA512

6b9ac04b2c58d91bd5d658a955658346b3f7cfb34952799fbcb94963eaa2638e6ac11465b263ad51cd13a312db83f6d11547db37e4a63845c57d4bea8bcc952d
SSDEEP

98304:8Wqq+Mb+nyWvjIy5YFWAvwzn7Nx99JEIjFMm2Va/5AZK6j0xnw:8WayWvjIy5YPvwzn7N/rTAYAZK6jyw

Score

8^/10

bootkit discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  2024-11-20_a10cfdaf5ca2c9abc2c2e3f7b1274c8a_avoslocker_luca-stealer
- Size
  
  4.5MB
- MD5
  
  a10cfdaf5ca2c9abc2c2e3f7b1274c8a
- SHA1
  
  f5507cffc3933c9cf096d253f9f4efd092b59d69
- SHA256
  
  8d4fa3aabd1d93977ae1c6460c8e7ccf8f00d97bb1e285764a04b99ba5f68428
- SHA512
  
  6b9ac04b2c58d91bd5d658a955658346b3f7cfb34952799fbcb94963eaa2638e6ac11465b263ad51cd13a312db83f6d11547db37e4a63845c57d4bea8bcc952d
- SSDEEP
  
  98304:8Wqq+Mb+nyWvjIy5YFWAvwzn7Nx99JEIjFMm2Va/5AZK6j0xnw:8WayWvjIy5YPvwzn7N/rTAYAZK6jyw
Score

8^/10

bootkit discovery evasion persistence trojan
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistencetrojan

behavioral2

bootkitdiscoveryevasionpersistencetrojan