General
-
Target
14.jpg
-
Size
390KB
-
Sample
230401-twm8tace4y
-
MD5
456edc37531d3f6fa373410702f5ab78
-
SHA1
c188231924a84a1e962bd4050171fb9e19ddb62a
-
SHA256
05e6512121b7fe608640b605491397dc72df862d490fdfae340ba0ee5055e0de
-
SHA512
b5ac82f9cfe39a1bfee67a63990b639b1912bbac66775a67fb3087490919075d79072a19c921810b94586f467b0a63f8318f89a48473e53b897548bd4e5c7877
-
SSDEEP
12288:mWU84TV/10+alhhPJfltkyLia2dSyzCWzrhba5:01uzkKfcVP5+
Malware Config
Targets
-
-
Target
14.jpg
-
Size
390KB
-
MD5
456edc37531d3f6fa373410702f5ab78
-
SHA1
c188231924a84a1e962bd4050171fb9e19ddb62a
-
SHA256
05e6512121b7fe608640b605491397dc72df862d490fdfae340ba0ee5055e0de
-
SHA512
b5ac82f9cfe39a1bfee67a63990b639b1912bbac66775a67fb3087490919075d79072a19c921810b94586f467b0a63f8318f89a48473e53b897548bd4e5c7877
-
SSDEEP
12288:mWU84TV/10+alhhPJfltkyLia2dSyzCWzrhba5:01uzkKfcVP5+
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-