General
-
Target
Neues Textdokument.txt
-
Size
77B
-
Sample
240629-prtgtazhqn
-
MD5
f0956b6203d3fafafb69743f820f27da
-
SHA1
0232e38407361762564ff54f2b82957792f2c408
-
SHA256
7b6aac08a062cf85e176dbd19137b6549606d5def9dacf3684432fccb10bbcb9
-
SHA512
eff36b1dde5d176832586cf632e5f483f73328110c1084ec281b3fec089bd3dcae2541c4227449f646fc83f1d6bbbdf49f01f4e48efed4eb7d456761415cf580
Static task
static1
Behavioral task
behavioral1
Sample
Neues Textdokument.txt
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
Neues Textdokument.txt
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
Neues Textdokument.txt
-
Size
77B
-
MD5
f0956b6203d3fafafb69743f820f27da
-
SHA1
0232e38407361762564ff54f2b82957792f2c408
-
SHA256
7b6aac08a062cf85e176dbd19137b6549606d5def9dacf3684432fccb10bbcb9
-
SHA512
eff36b1dde5d176832586cf632e5f483f73328110c1084ec281b3fec089bd3dcae2541c4227449f646fc83f1d6bbbdf49f01f4e48efed4eb7d456761415cf580
Score10/10-
Modifies WinLogon for persistence
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1