General

  • Target: file
  • Size: 1.1MB
  • Sample: 210120-t5tae3q4cn
  • MD5: 37d67bd746d37724222ec6c8f61d1a02
  • SHA1: ef202fb219bb84b2d860821a1ff213c4722fd90d
  • SHA256: 523190f1fd2e4a7be94f790ae040a3375460123f371077f20864aec61ea016f6
  • SHA512: d5c571a1ec6ab63f8da91250e66bbc7cc6ae382e456a7f88f8a81ec711dae32333a30e653e8f613f1f6c3e0e67ec671a79ff066dc7e4034751eadabe3d416e2d

Score
10/10

Malware Config

Targets

  • Modifies WinLogon for persistence
  • Drops startup file
  • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence
  • Winlogon Helper DLL (T1004): 1
  • Registry Run Keys / Startup Folder (T1060): 1

Defense Evasion
  • Modify Registry (T1112): 2

Tasks