Overview
overview: score 10
Static
static: score 10
Covid29 Ra...re.zip (windows10-ltsc 2021-x64): score 3
TrojanRans...29.exe (windows10-ltsc 2021-x64): score 10
readme.txt (windows10-ltsc 2021-x64): score 1
source/Bat...er.exe (windows10-ltsc 2021-x64): score 5
source/Bat...lp.chm (windows10-ltsc 2021-x64): score 1
source/Bat...gs.ini (windows10-ltsc 2021-x64): score 1
source/Cov29Cry.exe (windows10-ltsc 2021-x64): score 10
source/Cov...ns.png (windows10-ltsc 2021-x64): score 1
source/Cov...v4.exe (windows10-ltsc 2021-x64): score 10
source/Cov...ry.exe (windows10-ltsc 2021-x64): score 10
source/Cov...ns.txt (windows10-ltsc 2021-x64): score 1
source/Cov...ns.png (windows10-ltsc 2021-x64): score 1
source/Cov...bg.jpg (windows10-ltsc 2021-x64): score 1
source/Cov...re.txt (windows10-ltsc 2021-x64): score 1
source/Cov...en.exe (windows10-ltsc 2021-x64): score 3
source/Cov...es.jpg (windows10-ltsc 2021-x64): score 1
source/Cov...en.exe (windows10-ltsc 2021-x64): score 3
source/Cov...en.vbp (windows10-ltsc 2021-x64): score 3
source/Cov...en.vbw (windows10-ltsc 2021-x64): score 3
source/Cov...m1.frm (windows10-ltsc 2021-x64): score 3
source/Cov...m1.frx (windows10-ltsc 2021-x64): score 3
source/Tro...29.bat (windows10-ltsc 2021-x64): score 10
source/icon.ico (windows10-ltsc 2021-x64): score 3
source/icon.jpg (windows10-ltsc 2021-x64): score 1
source/mbr.cpp (windows10-ltsc 2021-x64): score 3
source/mbr.exe (windows10-ltsc 2021-x64): score 6
Resubmissions
12/03/2025, 23:20
250312-3bv8cswyaz 10
General
-
Target
Covid29 Ransomware.zip
-
Size
1.7MB
-
Sample
250312-3bv8cswyaz
-
MD5
272d3e458250acd2ea839eb24b427ce5
-
SHA1
fae7194da5c969f2d8220ed9250aa1de7bf56609
-
SHA256
bbb5c6b4f85c81a323d11d34629776e99ca40e983c5ce0d0a3d540addb1c2fe3
-
SHA512
d05bb280775515b6eedf717f88d63ed11edbaae01321ec593ecc0725b348e9a0caacf7ebcd2c25a6e0dc79b2cdae127df5aa380b48480332a6f5cd2b32d4e55c
-
SSDEEP
49152:dSrGy+kXRl9cIXjRG8OzbgFSXACZ4UL238tvVZkKNDN0AaFlkUSan:OZlyIzRXOfZv4UrtvVZRW6i
Behavioral tasks (task: sample, resource)
behavioral1: Covid29 Ransomware.zip, win10ltsc2021-20250217-en
behavioral2: TrojanRansomCovid29.exe, win10ltsc2021-20250217-en
behavioral3: readme.txt, win10ltsc2021-20250217-en
behavioral4: source/Bat To Exe Converter/Bat_To_Exe_Converter.exe, win10ltsc2021-20250217-en
behavioral5: source/Bat To Exe Converter/help.chm, win10ltsc2021-20250217-en
behavioral6: source/Bat To Exe Converter/settings.ini, win10ltsc2021-20250218-en
behavioral7: source/Cov29Cry.exe, win10ltsc2021-20250217-en
behavioral8: source/Cov29Cry/AdvancedOptions.png, win10ltsc2021-20250217-en
behavioral9: source/Cov29Cry/Chaos Ransomware Builder v4.exe, win10ltsc2021-20250217-en
behavioral10: source/Cov29Cry/Cov29Cry.exe, win10ltsc2021-20250217-en
behavioral11: source/Cov29Cry/FileExtentions.txt, win10ltsc2021-20250217-en
behavioral12: source/Cov29Cry/Options.png, win10ltsc2021-20250217-en
behavioral13: source/Cov29Cry/bg.jpg, win10ltsc2021-20250217-en
behavioral14: source/Cov29Cry/covid29-is-here.txt, win10ltsc2021-20250217-en
behavioral15: source/Cov29LockScreen.exe, win10ltsc2021-20250217-en
behavioral16: source/Cov29LockScreen/23311_lores.jpg, win10ltsc2021-20250217-en
behavioral17: source/Cov29LockScreen/Cov29LockScreen.exe, win10ltsc2021-20250217-en
behavioral18: source/Cov29LockScreen/Cov29LockScreen.vbp, win10ltsc2021-20250217-en
behavioral19: source/Cov29LockScreen/Cov29LockScreen.vbw, win10ltsc2021-20250217-en
behavioral20: source/Cov29LockScreen/Form1.frm, win10ltsc2021-20250217-en
behavioral21: source/Cov29LockScreen/Form1.frx, win10ltsc2021-20250218-en
behavioral22: source/TrojanRansomCovid29.bat, win10ltsc2021-20250217-en
behavioral23: source/icon.ico, win10ltsc2021-20250217-en
behavioral24: source/icon.jpg, win10ltsc2021-20250217-en
behavioral25: source/mbr.cpp, win10ltsc2021-20250217-en
behavioral26: source/mbr.exe, win10ltsc2021-20250217-en
Malware Config
Targets
-
-
Target
Covid29 Ransomware.zip
-
Size
1.7MB
-
-
-
-
Target
TrojanRansomCovid29.exe
-
Size
542KB
-
-
Chaos Ransomware
-
Chaos family
-
UAC bypass
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Sets desktop wallpaper using registry
-
-
-
Target
readme.txt
-
Size
285B
-
Score 1/10
-
-
-
Target
source/Bat To Exe Converter/Bat_To_Exe_Converter.exe
-
Size
444KB
-
-
-
-
Target
source/Bat To Exe Converter/help.chm
-
Size
14KB
-
Score 1/10
-
-
-
Target
source/Bat To Exe Converter/settings.ini
-
Size
242B
-
Score 1/10
-
-
-
Target
source/Cov29Cry.exe.death
-
Size
103KB
-
-
Chaos Ransomware
-
Chaos family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-
-
-
Target
source/Cov29Cry/AdvancedOptions.PNG
-
Size
16KB
-
Score 1/10
-
-
-
Target
source/Cov29Cry/Chaos Ransomware Builder v4.exe
-
Size
550KB
-
Score 10/10
-
Chaos Ransomware
-
Chaos family
-
-
-
Target
source/Cov29Cry/Cov29Cry.exe.death
-
Size
103KB
-
-
Chaos Ransomware
-
Chaos family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-
-
-
Target
source/Cov29Cry/FileExtentions.txt
-
Size
1KB
-
Score 1/10
-
-
-
Target
source/Cov29Cry/Options.PNG
-
Size
47KB
-
Score 1/10
-
-
-
Target
source/Cov29Cry/bg.jpg
-
Size
30KB
-
Score 1/10
-
-
-
Target
source/Cov29Cry/covid29-is-here.txt
-
Size
859B
-
Score 1/10
-
-
-
Target
source/Cov29LockScreen.exe
-
Size
48KB
-
Score 3/10
-
-
-
Target
source/Cov29LockScreen/23311_lores.jpg
-
Size
30KB
-
Score 1/10
-
-
-
Target
source/Cov29LockScreen/Cov29LockScreen.exe
-
Size
48KB
-
Score 3/10
-
-
-
Target
source/Cov29LockScreen/Cov29LockScreen.vbp
-
Size
633B
-
Score 3/10
-
-
-
Target
source/Cov29LockScreen/Cov29LockScreen.vbw
-
Size
45B
-
Score 3/10
-
-
-
Target
source/Cov29LockScreen/Form1.frm
-
Size
1KB
-
Score 3/10
-
-
-
Target
source/Cov29LockScreen/Form1.frx
-
Size
30KB
-
Score 3/10
-
-
-
Target
source/TrojanRansomCovid29.bat
-
Size
1KB
-
-
Chaos Ransomware
-
Chaos family
-
UAC bypass
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Sets desktop wallpaper using registry
-
-
-
Target
source/icon.ico
-
Size
147KB
-
Score 3/10
-
-
-
Target
source/icon.jfif
-
Size
8KB
-
Score 1/10
-
-
-
Target
source/mbr.cpp
-
Size
365B
-
Score 3/10
-
-
-
Target
source/mbr.exe.danger
-
Size
1.3MB
-
Score 6/10
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter: 2
JavaScript: 1
Windows Management Instrumentation: 1
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Defense Evasion
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Direct Volume Access: 1
Impair Defenses: 1
Disable or Modify Tools: 1
Indicator Removal: 3
File Deletion: 3
Modify Registry: 4
Pre-OS Boot: 1
Bootkit: 1
Credential Access
Credentials from Password Stores: 1
Credentials from Web Browsers: 1
Unsecured Credentials: 1
Credentials In Files: 1