General

  • Target

    2024-11-20_d1a5244fd7bc6eb63388c0f68e9bb530_avoslocker_luca-stealer

  • Size

    4.5MB

  • Sample

    241120-d6kmnszcpd

  • MD5

    d1a5244fd7bc6eb63388c0f68e9bb530

  • SHA1

    1dcd3144bafc41f22f314d479daa1a474e4a356e

  • SHA256

    9521045291f7878d6c9054f072c96a6281c1dcbc8c858062cd1c53bc740f648e

  • SHA512

    3fc509ae14879b76cc13af574828664b67b5b819c46f88a129d597893628b8d58e245fc36a8fc086bce5cce862abb17dd2e27e39ed937b8f0cde7c60c7bf8386

  • SSDEEP

    98304:TWqq+Mb+iyWvjIy5YFWAvwzn7Nx99JEIjFMm2Va/5AZK6j0xnw:TWajWvjIy5YPvwzn7N/rTAYAZK6jyw

Targets

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
