Overview

overview

10

Static

static

5

c25d29fccc...d5.exe

windows7-x64

10

c25d29fccc...d5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c25d29fccc7f4fc539e8b739dff5f0f638b271ea47ac1f11b0930fbcd9e979d5

  • Size

    654KB

  • Sample

    221020-xlt56aaea3

  • MD5

    96927fdee0fcc4515ef1271c0a457803

  • SHA1

    10c03d2947279f7b74362bbfa0ccdc1b40c0ee7c

  • SHA256

    c25d29fccc7f4fc539e8b739dff5f0f638b271ea47ac1f11b0930fbcd9e979d5

  • SHA512

    2a5a22837504508bbd6c17625e2f2b62ccdafc2daf13b60ebe6ba803a4c1c4225abf686d76ed0d6db4653ea2ef1c640b2f389ef8259058c98f628fc003800928

  • SSDEEP

    6144:npqoa8aLiC/2OLSAN7gNVpNleQUohBfGPOtQciXeL/XYqGlebojSP2pjNhcYYnCK:npqiC/2OGAtkCP4cejGSOpRKPC8Rsw

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      c25d29fccc7f4fc539e8b739dff5f0f638b271ea47ac1f11b0930fbcd9e979d5

    • Size

      654KB

    • MD5

      96927fdee0fcc4515ef1271c0a457803

    • SHA1

      10c03d2947279f7b74362bbfa0ccdc1b40c0ee7c

    • SHA256

      c25d29fccc7f4fc539e8b739dff5f0f638b271ea47ac1f11b0930fbcd9e979d5

    • SHA512

      2a5a22837504508bbd6c17625e2f2b62ccdafc2daf13b60ebe6ba803a4c1c4225abf686d76ed0d6db4653ea2ef1c640b2f389ef8259058c98f628fc003800928

    • SSDEEP

      6144:npqoa8aLiC/2OLSAN7gNVpNleQUohBfGPOtQciXeL/XYqGlebojSP2pjNhcYYnCK:npqiC/2OGAtkCP4cejGSOpRKPC8Rsw

    Score
    10/10
    evasionpersistence

    • Modifies WinLogon for persistence

      persistence

    • Modifies firewall policy service

      evasion

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Drops file in Drivers directory

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks