General
-
Target
f02f36f72aef927a2306fe8524470c694a36593431a1ebb6840fb10b452159d5
-
Size
234KB
-
Sample
221206-rlesksee92
-
MD5
e74f9d9c4b99281b3b0e16be9c63c638
-
SHA1
a62de451e246efe1892a47a67a3d6b0305dc5c03
-
SHA256
f02f36f72aef927a2306fe8524470c694a36593431a1ebb6840fb10b452159d5
-
SHA512
a812b672a2581b252f1608d2945264954b6aaa827ae673fc2832eab560d4d4cfceb16e7f567aa4ea6ee81480d813044a315a530824d42d752c7ca9183a4ea757
-
SSDEEP
3072:k9wShh9nsKHcQZYxIs1T+Z3edjHDN4HZ4s8ENObhb5npLdnUInuy+iMS3h0qmkc:kThh9sKHRFnWs8ENOblJUIurS3h0qtc
Malware Config
Targets
-
-
Target
f02f36f72aef927a2306fe8524470c694a36593431a1ebb6840fb10b452159d5
-
Size
234KB
-
MD5
e74f9d9c4b99281b3b0e16be9c63c638
-
SHA1
a62de451e246efe1892a47a67a3d6b0305dc5c03
-
SHA256
f02f36f72aef927a2306fe8524470c694a36593431a1ebb6840fb10b452159d5
-
SHA512
a812b672a2581b252f1608d2945264954b6aaa827ae673fc2832eab560d4d4cfceb16e7f567aa4ea6ee81480d813044a315a530824d42d752c7ca9183a4ea757
-
SSDEEP
3072:k9wShh9nsKHcQZYxIs1T+Z3edjHDN4HZ4s8ENObhb5npLdnUInuy+iMS3h0qmkc:kThh9sKHRFnWs8ENOblJUIurS3h0qtc
Score10/10-
Modifies WinLogon for persistence
-
Modifies system executable filetype association
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
Windows security bypass
-
Disables use of System Restore points
-
Executes dropped EXE
-
Sets file execution options in registry
-
Windows security modification
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v6
Persistence
Change Default File Association
1Hidden Files and Directories
2Registry Run Keys / Startup Folder
2Winlogon Helper DLL
2Defense Evasion
Disabling Security Tools
2Hidden Files and Directories
2Modify Registry
10