7b6aac08a062cf85e176dbd19137b6549606d5def9dacf3684432fccb10bbcb9 | Triage

Submit
Reports

Overview

overview

Static

static

1

Neues Text...nt.txt

windows10-1703-x64

Neues Text...nt.txt

windows10-2004-x64

1

Sharing

General

Target

Neues Textdokument.txt
Size

77B
Sample

240629-prtgtazhqn
MD5

f0956b6203d3fafafb69743f820f27da
SHA1

0232e38407361762564ff54f2b82957792f2c408
SHA256

7b6aac08a062cf85e176dbd19137b6549606d5def9dacf3684432fccb10bbcb9
SHA512

eff36b1dde5d176832586cf632e5f483f73328110c1084ec281b3fec089bd3dcae2541c4227449f646fc83f1d6bbbdf49f01f4e48efed4eb7d456761415cf580

Score

10^/10

bootkit evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

Neues Textdokument.txt

Resource

win10-20240404-en

bootkit evasion persistence trojan

windows10-1703-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

Neues Textdokument.txt

Resource

win10v2004-20240611-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  Neues Textdokument.txt
- Size
  
  77B
- MD5
  
  f0956b6203d3fafafb69743f820f27da
- SHA1
  
  0232e38407361762564ff54f2b82957792f2c408
- SHA256
  
  7b6aac08a062cf85e176dbd19137b6549606d5def9dacf3684432fccb10bbcb9
- SHA512
  
  eff36b1dde5d176832586cf632e5f483f73328110c1084ec281b3fec089bd3dcae2541c4227449f646fc83f1d6bbbdf49f01f4e48efed4eb7d456761415cf580
Score

10^/10

bootkit evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Downloads MZ/PE file
- Executes dropped EXE
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Pre-OS Boot

Bootkit

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Modify Registry

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitevasionpersistencetrojan

behavioral2

© 2018-2024

Terms | Privacy