General

  • Target

    09384bb4e63250965acc6ae868b405ca43f4f7e8f06d5a1cca4dfdf3ae5b3910

  • Size

    433KB

  • Sample

    210515-5mp2rg6yzn

  • MD5

    c9ae0a065e758f5e42f70f0527e436e6

  • SHA1

    4cd21cca29f4310b2567776aced29576012a8df0

  • SHA256

    09384bb4e63250965acc6ae868b405ca43f4f7e8f06d5a1cca4dfdf3ae5b3910

  • SHA512

    3c2d56e511d344f8c3273249fa5f6aabbefad6bee13ce6fa2b2fb2fb0338f1d8475c9d4203a0c69d42cf87fda40ea580525de53961f327fcc765bb8a38469c60

Malware Config

Targets

    • Target

      09384bb4e63250965acc6ae868b405ca43f4f7e8f06d5a1cca4dfdf3ae5b3910

    • Size

      433KB

    • MD5

      c9ae0a065e758f5e42f70f0527e436e6

    • SHA1

      4cd21cca29f4310b2567776aced29576012a8df0

    • SHA256

      09384bb4e63250965acc6ae868b405ca43f4f7e8f06d5a1cca4dfdf3ae5b3910

    • SHA512

      3c2d56e511d344f8c3273249fa5f6aabbefad6bee13ce6fa2b2fb2fb0338f1d8475c9d4203a0c69d42cf87fda40ea580525de53961f327fcc765bb8a38469c60

    • Modifies WinLogon for persistence

    • Modifies system executable filetype association

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Modifies WinLogon

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Winlogon Helper DLL

2
T1004

Change Default File Association

1
T1042

Registry Run Keys / Startup Folder

2
T1060

Browser Extensions

1
T1176

Defense Evasion

Modify Registry

6
T1112

Tasks