SecuriteInfo.com.Trojan.MulDrop15.61633.207.22067

Target

Size

631KB

Sample

201126-hqk9eer8gn

Score

10 ^/10

MD5

cdc8f3a824491953dbc51dbd65c25446

SHA1

7fd96c92dee132e74cbf6a2f0dfef4d0c4fa38ed

SHA256

2889a2beb9447078c976fd8d27e4c0fb4b73542a9a2c13f87a6f122651b59343

SHA512

47a4bd0021d6b1f7f6c166ea6ee0137bbf5dbfd4badd353a02040aae1fbe1c9410119a00e4709172ed23611889664f05c47f7d65c7256244dde8515c8bd81c42

Target

SecuriteInfo.com.Trojan.MulDrop15.61633.207.22067

MD5

cdc8f3a824491953dbc51dbd65c25446

Filesize

631KB

Score

10 ^/10

SHA1

7fd96c92dee132e74cbf6a2f0dfef4d0c4fa38ed

SHA256

2889a2beb9447078c976fd8d27e4c0fb4b73542a9a2c13f87a6f122651b59343

SHA512

47a4bd0021d6b1f7f6c166ea6ee0137bbf5dbfd4badd353a02040aae1fbe1c9410119a00e4709172ed23611889664f05c47f7d65c7256244dde8515c8bd81c42

Signatures

Modifies WinLogon for persistence

Tags

persistence

TTPs

Winlogon Helper DLL Modify Registry
Disables Task Manager via registry modification

Tags

evasion
Modifies WinLogon to allow AutoLogon

Description

Enables rebooting of the machine without requiring login credentials.

Tags

ransomware bootkit

TTPs

Winlogon Helper DLL Modify Registry

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Winlogon Helper DLL

Privilege Escalation

static1

behavioral1

bootkit evasion persistence ransomware

10^/10

behavioral2

bootkit evasion persistence ransomware

10^/10

Tags

Signatures

Modifies WinLogon for persistence

Tags

TTPs

Disables Task Manager via registry modification

Tags

Modifies WinLogon to allow AutoLogon

Description

Tags

TTPs

Related Tasks

static1

behavioral1

behavioral2