General
-
Target
342d6c8cf7169e937dc7328b750c39528740e649a58fecad34d63fa51a37b6d0
-
Size
134KB
-
Sample
221124-p5lzwsed63
-
MD5
e5c0fd76b28849ea17e101570d1de0a6
-
SHA1
ae058d5c36fe832aebf33b05ef8bfe2b22ce1a1c
-
SHA256
342d6c8cf7169e937dc7328b750c39528740e649a58fecad34d63fa51a37b6d0
-
SHA512
25f16d57a92be4c85eb2df359d7b8d570573c916aef801271e1d519164ac261f5337c1082a5c48db3dd24fb3f1b6c3832182b37ba4f8cc8144f6dc6dfb5ee1b9
-
SSDEEP
3072:oGl+oBSf7Xcd/ZRUAglgJhUanw441Gl+oBSf7Xcd/ZRUAglgJhUanw44:oGl+OSf7XcdSgXlw4iGl+OSf7XcdSgX1
Malware Config
Targets
-
-
Target
342d6c8cf7169e937dc7328b750c39528740e649a58fecad34d63fa51a37b6d0
-
Size
134KB
-
MD5
e5c0fd76b28849ea17e101570d1de0a6
-
SHA1
ae058d5c36fe832aebf33b05ef8bfe2b22ce1a1c
-
SHA256
342d6c8cf7169e937dc7328b750c39528740e649a58fecad34d63fa51a37b6d0
-
SHA512
25f16d57a92be4c85eb2df359d7b8d570573c916aef801271e1d519164ac261f5337c1082a5c48db3dd24fb3f1b6c3832182b37ba4f8cc8144f6dc6dfb5ee1b9
-
SSDEEP
3072:oGl+oBSf7Xcd/ZRUAglgJhUanw441Gl+oBSf7Xcd/ZRUAglgJhUanw44:oGl+OSf7XcdSgXlw4iGl+OSf7XcdSgX1
Score10/10-
Modifies WinLogon for persistence
-
Modifies security service
-
UAC bypass
-
Windows security bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Stops running service(s)
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Matrix ATT&CK v6
Persistence
Winlogon Helper DLL
1Modify Existing Service
2Registry Run Keys / Startup Folder
2Defense Evasion
Modify Registry
9Bypass User Account Control
1Disabling Security Tools
3Impair Defenses
1Virtualization/Sandbox Evasion
1