General

  • Target

    notepader.exe

  • Size

    1.1MB

  • Sample

    210114-3p6genel5n

  • MD5

    ac6686ab0d5c145bbcfddec99c143f62

  • SHA1

    f1d5793db4c3e788126930e0f5ad535e8406249b

  • SHA256

    99612e143d65598f830df1494e16eace445f0904218f3d6335f3cbd29d0378b5

  • SHA512

    ff40fafb995be7fe5a0f0bb7512d0cdda8b18b6aef1e8a90011831d63dfa187ce9f67cc5e60dc8df8fa2b42c19dd0415c5fb1428e29cdc07c435f55f473d0a99

Targets

    • Modifies WinLogon to allow AutoLogon

      Enables rebooting of the machine without requiring login credentials.

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Winlogon Helper DLL, T1004 (1)

  • Registry Run Keys / Startup Folder, T1060 (1)

Defense Evasion

  • Modify Registry, T1112 (3)

Tasks