9d6163d57c9c99026b1203a475f0dac06b6a75a82a83d7c0c19442cb14ba35e5 | Triage

Sharing

General

Target

chthonic_2.23.18.10.vir
Size

470KB
Sample

200719-gkar69yy7j
MD5

54edda43ee2e20c39fea5e2dabb6c921
SHA1

a4332ec867080ba63e3523cae84b093c0fcef902
SHA256

9d6163d57c9c99026b1203a475f0dac06b6a75a82a83d7c0c19442cb14ba35e5
SHA512

d1e8756b1980b03c98c0a0aa322277f2a38687b9e9d1ecb758d23932958248c29f9aaa6fb3a3b25581adf2852c9e61d3d76cb56f213a0f0ef5eebd22cd230bf3

Score

8^/10

bootkit persistence ransomware

Malware Config

Targets

- Target
  
  chthonic_2.23.18.10.vir
- Size
  
  470KB
- MD5
  
  54edda43ee2e20c39fea5e2dabb6c921
- SHA1
  
  a4332ec867080ba63e3523cae84b093c0fcef902
- SHA256
  
  9d6163d57c9c99026b1203a475f0dac06b6a75a82a83d7c0c19442cb14ba35e5
- SHA512
  
  d1e8756b1980b03c98c0a0aa322277f2a38687b9e9d1ecb758d23932958248c29f9aaa6fb3a3b25581adf2852c9e61d3d76cb56f213a0f0ef5eebd22cd230bf3
Score

8^/10

persistence ransomware bootkit
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
  ransomware bootkit
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

persistenceransomwarebootkit