General

  • Target

    1d8135e9786395b35f1eb1b0b8a631907e45efbbef67d069d91985c9f70f86fb

  • Size

    1.5MB

  • Sample

    210302-2htlwnnht6

  • MD5

    d274baa25a7a206c00f7249045977d85

  • SHA1

    b9f7f799f7d200a3dc5a25db03afe7df870d631b

  • SHA256

    1d8135e9786395b35f1eb1b0b8a631907e45efbbef67d069d91985c9f70f86fb

  • SHA512

    50fe4441b494b3f518eb737608be0b8b9ce270f06f926a597db255b47b8665d85a478bd14479a61e3761d536c9235b18713e8a88d661a48f7d9e0145a29dc1fc

Score
10/10

Malware Config

Targets

    • Target

      1d8135e9786395b35f1eb1b0b8a631907e45efbbef67d069d91985c9f70f86fb

    • Size

      1.5MB

    • MD5

      d274baa25a7a206c00f7249045977d85

    • SHA1

      b9f7f799f7d200a3dc5a25db03afe7df870d631b

    • SHA256

      1d8135e9786395b35f1eb1b0b8a631907e45efbbef67d069d91985c9f70f86fb

    • SHA512

      50fe4441b494b3f518eb737608be0b8b9ce270f06f926a597db255b47b8665d85a478bd14479a61e3761d536c9235b18713e8a88d661a48f7d9e0145a29dc1fc

    Score
    10/10
    • Modifies WinLogon for persistence

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

1
T1091

Persistence

Winlogon Helper DLL

1
T1004

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Replication Through Removable Media

1
T1091

Tasks