General
-
Target
9794140876af52d9df2ec6da5a3dfbc46cf8032922ead79d2857a390100d6219
-
Size
163KB
-
Sample
221123-mq2exseg58
-
MD5
d7698c2f7324e6b8ee0b43b66543b7db
-
SHA1
ace8f658a1c9e164911faaba6c2fccefea29e9b2
-
SHA256
9794140876af52d9df2ec6da5a3dfbc46cf8032922ead79d2857a390100d6219
-
SHA512
3667ccd392c8747cce3a119a077e1d75edbef8acb59b968391ab7f777b4cc241df8d2138f566bce22cbf431c709076336301bd74be9cf9364a4c66af108ca06a
-
SSDEEP
3072:EqhMPsVMYjUtQl78voutbzoI7h+aS1Gnf:EqhMPsFjU2F8voSbzo0naGf
Malware Config
Targets
-
-
Target
9794140876af52d9df2ec6da5a3dfbc46cf8032922ead79d2857a390100d6219
-
Size
163KB
-
MD5
d7698c2f7324e6b8ee0b43b66543b7db
-
SHA1
ace8f658a1c9e164911faaba6c2fccefea29e9b2
-
SHA256
9794140876af52d9df2ec6da5a3dfbc46cf8032922ead79d2857a390100d6219
-
SHA512
3667ccd392c8747cce3a119a077e1d75edbef8acb59b968391ab7f777b4cc241df8d2138f566bce22cbf431c709076336301bd74be9cf9364a4c66af108ca06a
-
SSDEEP
3072:EqhMPsVMYjUtQl78voutbzoI7h+aS1Gnf:EqhMPsFjU2F8voSbzo0naGf
Score10/10-
Modifies WinLogon for persistence
-
Modifies system executable filetype association
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
UAC bypass
-
Disables RegEdit via registry modification
-
Disables use of System Restore points
-
Executes dropped EXE
-
Sets file execution options in registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v6
Persistence
Change Default File Association
1Hidden Files and Directories
2Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Defense Evasion
Bypass User Account Control
1Disabling Security Tools
1Hidden Files and Directories
2Modify Registry
9