Overview

overview

10

Static

static

SecuriteIn...67.exe

windows7_x64

10

SecuriteIn...67.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Trojan.MulDrop15.61633.207.22067

  • Size

    631KB

  • Sample

    201126-hqk9eer8gn

  • MD5

    cdc8f3a824491953dbc51dbd65c25446

  • SHA1

    7fd96c92dee132e74cbf6a2f0dfef4d0c4fa38ed

  • SHA256

    2889a2beb9447078c976fd8d27e4c0fb4b73542a9a2c13f87a6f122651b59343

  • SHA512

    47a4bd0021d6b1f7f6c166ea6ee0137bbf5dbfd4badd353a02040aae1fbe1c9410119a00e4709172ed23611889664f05c47f7d65c7256244dde8515c8bd81c42

Score
10/10
bootkitevasionpersistenceransomware

Malware Config

Targets

    • Target

      SecuriteInfo.com.Trojan.MulDrop15.61633.207.22067

    • Size

      631KB

    • MD5

      cdc8f3a824491953dbc51dbd65c25446

    • SHA1

      7fd96c92dee132e74cbf6a2f0dfef4d0c4fa38ed

    • SHA256

      2889a2beb9447078c976fd8d27e4c0fb4b73542a9a2c13f87a6f122651b59343

    • SHA512

      47a4bd0021d6b1f7f6c166ea6ee0137bbf5dbfd4badd353a02040aae1fbe1c9410119a00e4709172ed23611889664f05c47f7d65c7256244dde8515c8bd81c42

    Score
    10/10
    bootkitevasionpersistenceransomware

    • Modifies WinLogon for persistence

      persistence

    • Disables Task Manager via registry modification

      evasion

    • Modifies WinLogon to allow AutoLogon

      Enables rebooting of the machine without requiring login credentials.

      ransomwarebootkit
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

2
T1004

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks