General
-
Target
64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627
-
Size
234KB
-
Sample
221011-16jrpsggej
-
MD5
69449d731033652095164c586762b548
-
SHA1
143e824c2032d2e51ed0b3412e6b8e5239c7e87f
-
SHA256
64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627
-
SHA512
cbaeb2424779f74cc4e9beac6736c2203e9355daef18b104a69891b4ff21764968d1579603b814aab95dd3be3d49699a1a1d052c6dc4e482a56138f04421d547
-
SSDEEP
3072:k9wShh9nsKHcQZYxIs1T+Z3edjHDN4HZ4s8ENObhb5npLdnUInuy+iMS3h0qmeE:kThh9sKHRFnWs8ENOblJUIurS3h0qe
Malware Config
Targets
-
-
Target
64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627
-
Size
234KB
-
MD5
69449d731033652095164c586762b548
-
SHA1
143e824c2032d2e51ed0b3412e6b8e5239c7e87f
-
SHA256
64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627
-
SHA512
cbaeb2424779f74cc4e9beac6736c2203e9355daef18b104a69891b4ff21764968d1579603b814aab95dd3be3d49699a1a1d052c6dc4e482a56138f04421d547
-
SSDEEP
3072:k9wShh9nsKHcQZYxIs1T+Z3edjHDN4HZ4s8ENObhb5npLdnUInuy+iMS3h0qmeE:kThh9sKHRFnWs8ENOblJUIurS3h0qe
Score10/10-
Modifies WinLogon for persistence
-
Modifies system executable filetype association
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
Windows security bypass
-
Disables use of System Restore points
-
Executes dropped EXE
-
Sets file execution options in registry
-
Windows security modification
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v6
Persistence
Change Default File Association
1Hidden Files and Directories
2Registry Run Keys / Startup Folder
2Winlogon Helper DLL
2Defense Evasion
Disabling Security Tools
2Hidden Files and Directories
2Modify Registry
10