SecuriteInfo.com.Trojan.MulDrop15.61633.207.22067

General

Target: SecuriteInfo.com.Trojan.MulDrop15.61633.207.22067
Size: 631KB
Sample: 201126-hqk9eer8gn
Score: 10/10
MD5: cdc8f3a824491953dbc51dbd65c25446
SHA1: 7fd96c92dee132e74cbf6a2f0dfef4d0c4fa38ed
SHA256: 2889a2beb9447078c976fd8d27e4c0fb4b73542a9a2c13f87a6f122651b59343
SHA512: 47a4bd0021d6b1f7f6c166ea6ee0137bbf5dbfd4badd353a02040aae1fbe1c9410119a00e4709172ed23611889664f05c47f7d65c7256244dde8515c8bd81c42

Signatures

  • Modifies WinLogon for persistence

    TTPs: Winlogon Helper DLL, Modify Registry

  • Disables Task Manager via registry modification

  • Modifies WinLogon to allow AutoLogon

    Description: Enables rebooting of the machine without requiring login credentials.

    TTPs: Winlogon Helper DLL, Modify Registry
