General
-
Target
sample
-
Size
258KB
-
Sample
241216-yjtbhsynhx
-
MD5
37698ffffe211da5c8b3f97ec1f36bae
-
SHA1
83f5b50f58b8c0a1451e8ba9f119b526abae76df
-
SHA256
a9614c6564109168c11a853f00a2073803c8a26af2effa33b861d80f78121e54
-
SHA512
368e0ee6d90d1f1746c23a520520a658964a7d289f846f2ed94772f28bb7331af763dc99fc7a8395c4a19314b35fbe9c5aa9e765cf7092e59cbd8f48f8ee3134
-
SSDEEP
6144:giaRHpOL/saqkPV9FemLtcIDSsmwj9OvZJT3CqbMrhryf65NRPaCieMjAkvCJv1/:laRHpOL/saqkPV9FemLtcIDSsmwj9OvY
Malware Config
Targets
-
-
Target
sample
-
Size
258KB
-
MD5
37698ffffe211da5c8b3f97ec1f36bae
-
SHA1
83f5b50f58b8c0a1451e8ba9f119b526abae76df
-
SHA256
a9614c6564109168c11a853f00a2073803c8a26af2effa33b861d80f78121e54
-
SHA512
368e0ee6d90d1f1746c23a520520a658964a7d289f846f2ed94772f28bb7331af763dc99fc7a8395c4a19314b35fbe9c5aa9e765cf7092e59cbd8f48f8ee3134
-
SSDEEP
6144:giaRHpOL/saqkPV9FemLtcIDSsmwj9OvZJT3CqbMrhryf65NRPaCieMjAkvCJv1/:laRHpOL/saqkPV9FemLtcIDSsmwj9OvY
Score10/10-
UAC bypass
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2Pre-OS Boot
1Bootkit
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1