Overview
Score: 10/10

Static
static  Score 10/10

Tasks (sample, platform, score)
123.exe      windows7-x64         Score 1/10
123.exe      windows10-2004-x64   Score 1/10
360sb.exe    windows7-x64         Score 10/10
360sb.exe    windows10-2004-x64   Score 10/10
7000.32      ubuntu-18.04-amd64   Score 1/10
7000.64      ubuntu-18.04-amd64   Score 7/10
Linux577     ubuntu-18.04-amd64   Score 8/10
Mh.exe       windows7-x64         Score 7/10
Mh.exe       windows10-2004-x64   Score 10/10
Mh1.exe      windows7-x64         Score 7/10
Mh1.exe      windows10-2004-x64   Score 10/10
Mh2.exe      windows7-x64         Score 7/10
Mh2.exe      windows10-2004-x64   Score 10/10
SETUP.exe    windows7-x64         (no score shown)
SETUP.exe    windows10-2004-x64   (no score shown)
TX98         ubuntu-18.04-amd64   Score 1/10
TX981        ubuntu-18.04-amd64   Score 1/10
TX982        ubuntu-18.04-amd64   Score 7/10
TX984        debian-9-armhf       Score 7/10
TX985        debian-9-mipsel      Score 7/10
TX986        debian-9-mips        Score 7/10
bjyk.exe     windows7-x64         Score 10/10
bjyk.exe     windows10-2004-x64   Score 10/10
ceshi.exe    windows7-x64         Score 10/10
ceshi.exe    windows10-2004-x64   Score 10/10
ddos.exe     windows7-x64         Score 1/10
ddos.exe     windows10-2004-x64   Score 10/10
dhl.exe      windows7-x64         Score 7/10
dhl.exe      windows10-2004-x64   Score 10/10
mh3.exe      windows7-x64         Score 7/10
mh3.exe      windows10-2004-x64   Score 10/10
server.exe   windows7-x64         Score 10/10

General
Target: malz5.zip
Size: 12.1MB
Sample: 230327-lpmppscg42
MD5: 1468c1908845ef238f7f196809946288
SHA1: 62f0bd56b0e1235b99940b34916c19ecfac8e80c
SHA256: 438e44aae94e8376d2e36e23212920e936b7517bca24eaf66e9d7d014e21552c
SHA512: 83d65df17c88a4cbc64c6fe4d5e064850aeb3cccba2eb5097d3385f4195e1b94a374528e0a6b92f7ad1db2c78bb7fae3c0e563a2a828f5f8ce0459eccd72b496
SSDEEP: 196608:NllU8B3ffcP4fQ74RGBP91vnbcMlB4mVgGj/oRPA4CbyrE2C2+QQnr1Gh922bkHy:TtB3HcPEwpBPTvbtVfcq/yzR8Bt2aT8V
Behavioral tasks (task, sample, resource)
behavioral1   123.exe     win7-20230220-en
behavioral2   123.exe     win10v2004-20230221-en
behavioral3   360sb.exe   win7-20230220-en
behavioral4   360sb.exe   win10v2004-20230220-en
behavioral5   7000.32     ubuntu1804-amd64-20221111-en
behavioral6   7000.64     ubuntu1804-amd64-en-20211208
behavioral7   Linux577    ubuntu1804-amd64-20221111-en
behavioral8   Mh.exe      win7-20230220-en
behavioral9   Mh.exe      win10v2004-20230220-en
behavioral10  Mh1.exe     win7-20230220-en
behavioral11  Mh1.exe     win10v2004-20230220-en
behavioral12  Mh2.exe     win7-20230220-en
behavioral13  Mh2.exe     win10v2004-20230220-en
behavioral14  SETUP.exe   win7-20230220-en
behavioral15  SETUP.exe   win10v2004-20230221-en
behavioral16  TX98        ubuntu1804-amd64-en-20211208
behavioral17  TX981       ubuntu1804-amd64-20221111-en
behavioral18  TX982       ubuntu1804-amd64-en-20211208
behavioral19  TX984       debian9-armhf-20221111-en
behavioral20  TX985       debian9-mipsel-en-20211208
behavioral21  TX986       debian9-mipsbe-20221111-en
behavioral22  bjyk.exe    win7-20230220-en
behavioral23  bjyk.exe    win10v2004-20230220-en
behavioral24  ceshi.exe   win7-20230220-en
behavioral25  ceshi.exe   win10v2004-20230220-en
behavioral26  ddos.exe    win7-20230220-en
behavioral27  ddos.exe    win10v2004-20230220-en
behavioral28  dhl.exe     win7-20230220-en
behavioral29  dhl.exe     win10v2004-20230220-en
behavioral30  mh3.exe     win7-20230220-en
behavioral31  mh3.exe     win10v2004-20230220-en
behavioral32  server.exe  win7-20230220-en
Malware Config
Targets

Target: 123.exe
Size: 60KB
MD5: 07b3c7c475a0204f34408d806a4d0883
SHA1: 72da95ef18d46b5ff6f75c90da29d294e8e755cf
SHA256: 457bf2d5752e50d343a655993e9f308a616f4123c5fbebbc369f12c49bd502b6
SHA512: 4c57ce6ee744227219cdfdea5e67efe605c62d7ae99233a9b886bdf0144c70f0317be3ba5dd01c097284c3c86e7005165b9d74ef43fcf28d8d5fd34717c0f1c2
SSDEEP: 768:5blRLS2f/IbhNGgkqUpbj3Pl4SSbUtkokv9N:bBSI/UGg6P326tkokf
Score: 1/10

Target: 360sb.exe
Size: 74KB
MD5: ff3638137bdb13438ae78bdb295fb74d
SHA1: d1ff58701713d307430fd061592ecea3c1cf4e6b
SHA256: 61e5303a9e3c3f0b5c70749c4ea2d619f3b5bae341189eaff28393f337113fca
SHA512: dc87de3bb1689bea6409c33b2af420f8274d4c36862dfe79b98b2195c72057e76a0222aa3c61a144e6927a0bbe5a3a95afe4df430a342f35ba1c7d5c6fda339f
SSDEEP: 1536:aunpULRX92uqnsRDwdQW3YBlCOCbZawM:aunyLR0z3QOal/CbowM
Signatures:
- Gh0st RAT payload
- Executes dropped EXE
- Drops file in System32 directory

Target: 7000.32
Size: 272KB
MD5: 1a2ca76f4c05df6ff90be02108f36759
SHA1: 518ceab47c71ea46625e64d1e342476dfee85985
SHA256: 5647a07dde1da4334e6a311519ee08ea1ac2fb6ff0841e81a2bd6053b6b59062
SHA512: 6340ca6862b4e22660748110da46227be889d7718242dcf0f9df9ecdce9bef5b9ff66b5bef0437813a73355ca1344408dd92c703ace821036578921f1c06c2e8
SSDEEP: 6144:+1FJI4kHXz3ghDymssoxTAbDcG3kj9M5apyFMMX:+1/0Gu7saocG0j9M5kMX
Score: 1/10

Target: 7000.64
Size: 710KB
MD5: d80e1546a194e42f049b1a15287aa4d6
SHA1: 980f2d902a250cd3298e2acf45bfbc31044cd8f5
SHA256: 7bce4673ac5b7db9bd5d27076c770925c181745b784f806024413a3b5552eebf
SHA512: 24501f6bb75078ebdb51999ed32ec1cea6ad57fe27dd48e12066de65dacf8570d0f875c79b9734f844f60042ad8c806d8293f9a92ee15d59fd9b68a50eec8a49
SSDEEP: 12288:ZIlddxPHCo90S9LTXIXs5im4MkQbSJDTdx4Is//O1ScnBM:ZI/dLTXIXw4jQb+Tffs//gScS
Score: 7/10
Signatures:
- Write file to user bin folder
- Reads CPU attributes
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Enumerates kernel/hardware configuration
  Reads contents of /sys virtual filesystem to enumerate system information.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.

Target: Linux577
Size: 474KB
MD5: 9e96170c07c1566ac0d9d7b93e7928d1
SHA1: f762afafa8bf6b694bdc0bf00d8b4caa38d96ddc
SHA256: 825cbeae503c8d9f4ff8a55d14042e83db220f4ed428e57b57fc48335d09f359
SHA512: e042b528351ad9f32fe37d60bc2b45bb7b7b2cc60c59a10e8eee00a4417c53afa55803f0e9e1196aad912f0b881cfe627dad38802181a0d447b80985344cbd55
SSDEEP: 12288:Cd3IH4kbsBnbOXzFOS4NhgvMfA5z5m9NO554UA+:Cd4H4/OCI16O55h
Score: 8/10
Signatures:
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
- Write file to user bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.

Target: Mh.exe
Size: 410KB
MD5: 6b6fa473cd53b3b1d20fb7d0d7d94dd2
SHA1: ac8682258ec2a9556c5b06dac4b70aa7f408146b
SHA256: e4a5f740683ce26d8312c336e1a2d50aa5b56efe61fc793ff3f9dc08af2da30d
SHA512: 59a132a04c621aad34c2130895e1c33f8a988a1d400b91ab712c4058ab6fefda698d01f395dd88f15cc8382f6826eee6550296b00981581a5b8abb10682fe9b0
SSDEEP: 6144:66a0cy+o0eBYJw2acFyuItrcF7Faf3DROwunbNvTr:7XP0pJvacFyuItgZiTROwuxvTr
Score: 10/10
Signatures:
- Modifies firewall policy service
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.

Target: Mh1.exe
Size: 410KB
MD5: 0c80a0ef434aaecd6b1c888567935b97
SHA1: ad6730df896f7bb0e4379b8ac543c704f70f8292
SHA256: bb7850028720aace62daf55e8ba0bcf0b1040ebe20f3035873e9fd7130ced767
SHA512: 7a8b601b6d027c0f017a620aa117c7183c05170aa6f90c4a2a177ad82b938f00b181007d69eea128b4ee738b2397a2448e2a33801daa102bfdf2b39f1917e6de
SSDEEP: 6144:4ta0cy+o0ecIJw2qDukfgpFyuItrcF7Faf3DROwunbNvTr:eXP0yJvqDlQFyuItgZiTROwuxvTr
Score: 10/10
Signatures:
- Modifies firewall policy service
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.

Target: Mh2.exe
Size: 410KB
MD5: c4fdfaf0caa9f98856f2135407025b7a
SHA1: 0614d4a3db2045374c8308b84ad6864dd6db5869
SHA256: c08823a1d6ddb98b4ffd6488e8fb282c371ba4c30336770ddea7be50a33d4229
SHA512: 903221846dc5498649af5a167ad1477d93007ce344c7de2399c3dd2489def93348637e08f6e03398e7f247b249b04e705b45f7123573fbf00f4b062b6899294a
SSDEEP: 6144:SKa0cy+o0e3IJw2KpiBo+R9/21TkeVQVqOAh2/qIqUk3oGvNo:zXP0/JvKp+hN1bVqFh2rJYo
Score: 10/10
Signatures:
- Modifies firewall policy service
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.

Target: SETUP.exe
Size: 193KB
MD5: 920a14447a82c7b020501af6fe8c88d3
SHA1: bf3201d891dd6afc2a787dae1eae6e396af72c33
SHA256: 0c273dfdf2af911e189997b04a9b76c48fcfe14fc07ae0fbf639618d2887cf7d
SHA512: bc365b6d5e961a06167e325a1193aea0239f56791dedbd13fb6d8c4d18736c5912eaf84683c5750f736017a95b09de2082a74f813a8a045f1d13eab546f0327a
SSDEEP: 6144:mN2g1pIizw29kUhIOkk/DkzgsuIPDkzuJLie:mA+pL80/ozhvvie
Score: 1/10

Target: TX98
Size: 83KB
MD5: 5ba66307564858dfaaf671c78e11f37d
SHA1: 45fb2fbd1eb2d53a0c71c2d5fb0397711df99e54
SHA256: 0468b78c9eef6bde2367717d38347af54fce3df871382789cfb3780fc2731543
SHA512: e7edabc9060768d875f7dcc98fdb4552a8311d0c1ad408a70e7f67c7c6b0d15a1ea4e002fe92dc52f0379417f941169683e3922b788783769eef0b8310bf4051
SSDEEP: 1536:lCudpNeZUCBis65ifKnVsrTvC/LMpDLul4b2bQHb3S+aHAdnwU:oyIUAi/5/yCTkDNqE7i+qAB1
Score: 1/10

Target: TX981
Size: 4.9MB
MD5: 0874f1d99a37f34bb154013bc827bc3f
SHA1: ebb072a3c4ed3722f4649d490593d3c1e7dacd88
SHA256: da1dc452102758781c6a5a9f48c650e8efa745cbaab050f30c14e7b558946efd
SHA512: 9552292a2d588969fd9a035a1946ccbb0f4c4ae806ed8faacb98f52e2f9f1395e9c65f2976751f393a46fbee5184316b072bae3517d915fa0bf5fea72b12a722
SSDEEP: 24576:OjTY+ufmnFLLk53fRlLpipTBwLPwlrc4v6nka:OjTY+ukvkZfRlLgpTBwLPwljCn/
Score: 1/10

Target: TX982
Size: 1.8MB
MD5: bba8b35378fe7872ab2b5026f12b5e72
SHA1: 17d52f40b6cd116e81685beb91bd0b14dd9114f2
SHA256: 97192a841a178aed607674f7bf457cf53ce025571fd47da842d3ffd0ecf4d4f5
SHA512: d97a98093e55de5c3eca87a8e17fa8d13e1240aae3ef4634674e5f66a4f5eee91a27d2f6491e45e474f75a1e9740c31ecf94cfef3de5095fee418e37e15431ee
SSDEEP: 49152:bNihhOhBNhKhyu7cYx9z2rAnKsfROaFyZB5Ss5+Nu:5ihhOhBNhKhRwwJ2roMaFyZB5Ss5+Nu
Score: 7/10
Signatures:
- Reads runtime system information
  Reads data from /proc virtual filesystem.

Target: TX984
Size: 977KB
MD5: fdd1c9ad7f04868d4bed04f8708bec5d
SHA1: bc49a05e5a38ca2a9b0e0ef99819a8ff833b378f
SHA256: 8b5355748604150f8ce643305878c0d35e33a59bdcd25de9861497557b972359
SHA512: 3436b51881e997d38c271224f868aad2b5d11fa262c986c12ec75c70f3667742673f99386f7052df2d036ce2dc5efbd0fd5d51049dcb0589a7f13fadff81c205
SSDEEP: 12288:erXiRPpwBSHJB2A6f13P5D79dmuxlNzJs4dm3yxiD1WjfGAIFDFvyq766Pd4YTQ0:jvwlP5DJdrRJsskWU5RPd82ByWwK3R
Score: 7/10
Signatures:
- Reads CPU attributes
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.

Target: TX985
Size: 1.1MB
MD5: 5ab68ecc6f6262c76fc1875972a508dd
SHA1: dac088cc4ef5377efcf81a325c8516e71a792672
SHA256: aff22363942228229a1b40a4581f5e0593714d553ed5f2ea7aae15612b28142f
SHA512: e0837b8ec1632bc3493d79236dba2bca402f1d77e5ad9814c5df6f8b59115f69b71189a8d345df0ad32ed01e78ac3d151741643669ddc23595d9f74b7b7731d3
SSDEEP: 12288:v0gZjw/mGyri7g8Nyllxm+KYCy1aPrfWf47b/d+qdeaQklaHhmM7tL+GSPlXJZru:VETLPAFHcMJ6l5ZZVt6Ai3YKhAxtK
Score: 7/10
Signatures:
- Reads CPU attributes
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.

Target: TX986
Size: 1.1MB
MD5: 8adfc3cc5e225440684e74b7f7994933
SHA1: fbc72c5bc436a7565d994886e238b80731e373b8
SHA256: 746fd8e299a5542658c051d08765f327f3c3e48248698a29cf57f151a282b157
SHA512: e9dda159470640c11a6832f8d6be355d90b32c9c1fa7b938b47fc37fdeb459ccb17a8edeed8e0c065f107c7b04eed4b8dea5290543564a7732d3ae8c4c57acfa
SSDEEP: 24576:qsFkPsgRseqq7s7L23vHkF/CZ5lfwNjcpzdmMqMSjG2oedCp/mpyS1tFhextK:leLsL23vEF/CZ5lfwNjcpzdmMqMSjG2F
Score: 7/10
Signatures:
- Reads CPU attributes
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.

Target: bjyk.exe
Size: 377KB
MD5: ca7c977b5b315dd62b0189f2619764db
SHA1: 42ce52b22e5017990660148ba6c5ff0097c5af01
SHA256: c6d90ced12fb16ca9ae112787ce6d29379b06e0ba0a90595e337c07453a571fa
SHA512: b7be48e4c7ca12e0059a6b0064eaa8e8c1f4bbd7ed62c2a34671a5875ba25715b45b780d54e58f5429b2cade56244f6a820a46c0a45b0f7e9d4567213a499427
SSDEEP: 6144:xsItKnWUQpBTyPRqyhYPbncTBlhHrbndnkv0oX90Q1vPjrVCTH3mwVaYo7/8FaA/:OtWUzJq8YPbncT3+vXPjc3xVaYo7UFyO
Score: 10/10
Signatures:
- Gh0st RAT payload
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory

Target: ceshi.exe
Size: 303KB
MD5: 3ddd0fe1b5a21d08007805185072bdd0
SHA1: 174d3667b9f266b139f5892c961e7609a6134d79
SHA256: 42676dd65d1dbd81f8f8e751790b4412c5a179feb7edb5460cf230463f141299
SHA512: 2b633d6be693f46ac07e17c43a7389655e7e7e0ded027e9a82ca120139e0e44c68d1f76b32e34501bb9d4d3dcc9d44997c2803999b9aa1f2fec8f531464fdd9f
SSDEEP: 6144:rt8nMnJqNMFSTLeYVvI8vw+Ie51BMz3VolJXUVLAW5w7wIAsKCEc4YgUFk6Oa7HS:doNMsy8I6KFojXUaWQ5KCqOvOaJt+
Score: 10/10
Signatures:
- Gh0st RAT payload
- Modifies firewall policy service
- Sets DLL path for service in the registry
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory

Target: ddos.exe
Size: 38KB
MD5: d68ab23225bf1388a7a16963356a87b6
SHA1: 09ca273cdecf55b67eb20ced2e11a64b52058044
SHA256: 3e20b4ca4fea293b596c23328a06207c301d135774e461ff5c5e7b84784ffd47
SHA512: ae38756fe73206ec9fdbd4b1c8e57c6e880630385bd5fab2e57ec3f61eea4f3a7d9aa58c8f593eb68d8a6c5df116e24a19f7bdc771d7d97eec7f7cb602d9f234
SSDEEP: 768:mACSpftPzWIYHqfwyk0vsYRG3IUlcV0njosBRtmwOZO4KaAtGB9wMCC:mXSLiIask0vzA3IUlcVIjLB9nMD
Score: 10/10
Signatures:
- Modifies firewall policy service
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.

Target: dhl.exe
Size: 311KB
MD5: 1170aaabfc50ba1d8afd2bdd3fde5e33
SHA1: a345658edc7df429c515bc949d45661c7446136d
SHA256: 022600b997847cb9795b58cbef8b1058760d3037158f1d8890825f20e3f8745e
SHA512: 333c8e2af8f7b845abd897cd7d86ab68545ef2bddfda6f24216aa7fffeb39594756a666500fa3495205505bb485e4659c9e66f3c639d34bc12cf929b00950ea6
SSDEEP: 6144:eKYOSlWhmtC3G/414qs8Pz5Trd8Coc1O9gRyBDqP6K0Q0wKnL:e1/WYtwG24Qp+oOGROrK0W0L
Signatures:
- Modifies firewall policy service
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory

Target: mh3.exe
Size: 361KB
MD5: e48e887d5308de6e88b0edbcf0c05664
SHA1: b78c4d499717346c6da33f9d2a884aaaee74ebcc
SHA256: e18bc151f005b441f6003b4fc096583c8e4f312bc6439ecffc91b190d73171a2
SHA512: 5068add9bf1681ffb27c9e4867f80fe4ee484a3260b12c501988caaed1ce0876e295e1809b81c47bf2be4994d2e10728b12f84a3e84a212718a0fbc816cb68f7
SSDEEP: 6144:VLTG0GxC/dijE8O1udvvFsueJ+kXpJdkDStVvXGxcS985NRW1W:VfG7ggEN2Vsum+2pJ2YvXGKHW1W
Score: 10/10
Signatures:
- Modifies firewall policy service
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL

Target: server.exe
Size: 333KB
MD5: 44283b85db8476e3dbcab39e644a76bb
SHA1: afed9e102d07782074a63b8f5fae6ac0ee96ec1f
SHA256: 5e213f963cb6c381a34388e9d66456cc044c395d4921440acb9d80a9625803b2
SHA512: a5f5dd9ac7116971c65ad376d31b463d0b44b6cced3db08593030eb8ccd64e1fefa1f2c0531004dc347407c2f4f8090bab860e6485f91c3a31eb49b44df78bdf
SSDEEP: 6144:EgiFIfdAcDJiMm02wKURWl3I+q4NqBqAG:ri2dTDJiMmRvUROI+q4UBqAG
Score: 10/10
Signatures:
- Gh0st RAT payload
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)
Persistence
- Boot or Logon Autostart Execution (11)
- Hijack Execution Flow (2)
- Scheduled Task (1)
- Modify Existing Service (7)
- Bootkit (1)
- Registry Run Keys / Startup Folder (2)
Privilege Escalation
- Boot or Logon Autostart Execution (11)
- Hijack Execution Flow (2)
- Scheduled Task (1)