4682f33401c6f649275c861d4f293c4a99770b72c1089529e9f893b50985e515 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

2024-06-30...er.exe

windows7-x64

7

2024-06-30...er.exe

windows10-2004-x64

7

Sharing

General

Target

2024-06-30_283a085ca603e762a0cdfeca133078d4_avoslocker
Size

4.2MB
Sample

240630-nxkw7axcne
MD5

283a085ca603e762a0cdfeca133078d4
SHA1

5803a411f902ab17cb6ac5dfd4961fca8eb235a4
SHA256

4682f33401c6f649275c861d4f293c4a99770b72c1089529e9f893b50985e515
SHA512

5a988dd55c038983e5918bdce9f083eb8e10cbb47bb7ba1d3c9e916b107d486837127c6650379449b6be996270b7cf447d782a297719d32446ae732a3b00a494
SSDEEP

98304:gpq/d8kCBnlMyQjujDW9tBcg2jGqwwAXSY+139YOtYsnYT50kB3tiX9P:Bcu5ujyp8jGqwwCq3t/2Ntm9P

Score

7^/10

bootkit evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

2024-06-30_283a085ca603e762a0cdfeca133078d4_avoslocker.exe

Resource

win7-20240221-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-06-30_283a085ca603e762a0cdfeca133078d4_avoslocker.exe

Resource

win10v2004-20240508-en

bootkit evasion persistence trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-06-30_283a085ca603e762a0cdfeca133078d4_avoslocker
- Size
  
  4.2MB
- MD5
  
  283a085ca603e762a0cdfeca133078d4
- SHA1
  
  5803a411f902ab17cb6ac5dfd4961fca8eb235a4
- SHA256
  
  4682f33401c6f649275c861d4f293c4a99770b72c1089529e9f893b50985e515
- SHA512
  
  5a988dd55c038983e5918bdce9f083eb8e10cbb47bb7ba1d3c9e916b107d486837127c6650379449b6be996270b7cf447d782a297719d32446ae732a3b00a494
- SSDEEP
  
  98304:gpq/d8kCBnlMyQjujDW9tBcg2jGqwwAXSY+139YOtYsnYT50kB3tiX9P:Bcu5ujyp8jGqwwCq3t/2Ntm9P
Score

7^/10

evasion trojan bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

bootkitevasionpersistencetrojan

© 2018-2024

Terms | Privacy