Overview

overview

8

Static

static

3

killa.exe

windows10-ltsc 2021-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    killa.exe

  • Size

    251KB

  • Sample

    241203-tervnsskcv

  • MD5

    8343718fdc45a64b62c4102230a555c2

  • SHA1

    d255b1024ba8547ad0e0c5e02fd146fc57dac6a2

  • SHA256

    289c320c2872d96997d8ff86e6dbd22e854fb544974041a50694e6cec366bed4

  • SHA512

    37c8cd726c8099b69283b6d2461c5089037b4a3b414858ec6f8289135a303d12d154a5a4add23d7e6990c83c731b858700f470a23fe49ae442c7c120bf6ee1e4

  • SSDEEP

    6144:eakjwyvvgH70VjobSgPiA5Bc3TZ4crB6B1:K4wQvKTVsB1

Score
8/10
bootkitdefense_evasionevasionexecutionlateral_movementpersistence

Malware Config

Targets

    • Target

      killa.exe

    • Size

      251KB

    • MD5

      8343718fdc45a64b62c4102230a555c2

    • SHA1

      d255b1024ba8547ad0e0c5e02fd146fc57dac6a2

    • SHA256

      289c320c2872d96997d8ff86e6dbd22e854fb544974041a50694e6cec366bed4

    • SHA512

      37c8cd726c8099b69283b6d2461c5089037b4a3b414858ec6f8289135a303d12d154a5a4add23d7e6990c83c731b858700f470a23fe49ae442c7c120bf6ee1e4

    • SSDEEP

      6144:eakjwyvvgH70VjobSgPiA5Bc3TZ4crB6B1:K4wQvKTVsB1

    Score
    8/10
    bootkitdefense_evasionevasionexecutionlateral_movementpersistence

    • Stops running service(s)

      evasionexecution

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

      defense_evasion

    • Remote Services: SMB/Windows Admin Shares

      Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).

      lateral_movement

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks