General

  • Target: e45b50bcf5a3f891c7682aae05b673a1fbee1f2c80080286b5299bea51a7220b
  • Size: 252KB
  • Sample: 221123-ltlcfaff8z
  • MD5: f16d67f6955ea2056fe5d74121d49eb8
  • SHA1: a6f85e4e1fb157858f7d7150533e364e16e9e31b
  • SHA256: e45b50bcf5a3f891c7682aae05b673a1fbee1f2c80080286b5299bea51a7220b
  • SHA512: 56e67eec0c45b1ae8f898dd79976173bf6a396493aad473e34a209fe0df8e7ef8716cea2238223533c79c57ddb52eee9c55923f187527f8f3b3d6efc5834293d
  • SSDEEP: 3072:/4Vg0KwkKHjrz3CVnhsTk8WOXNszbG7rBnVFFS5lb6v9Jx+QOGCTMA0DNOTbmbe4:AlYz6lJIlTHMNOWe2

Score: 10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6