General
Target: adada.PNG
Size: 76KB
Sample: 230407-npq38sag9s
MD5: 7f27ce967f0c166b8b16ba9760f99acf
SHA1: 1d558925b3a10f88f046d553f123102992bdcd43
SHA256: 58087009edda7a991e05a6cd97eb1a886cabaecc747a23b184711edcface9011
SHA512: 57673dded5e4d203d459348d6211296f0f50d71ed0cf13bd69d214bb03d28adc44ecba8fa7256482832f50497bf761dc360e7f5b309797e506117c1733a3cb3c
SSDEEP: 1536:404kejL2F1oapwlO69zertfv4pDCFq9nRlG9O886+B23CgS+KhNT:40Pc6pwl59zertnE5dRlG986+BSC9vhV
Static task: static1
Behavioral task: behavioral1
Sample: adada.png
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: adada.PNG
Score: 10/10
Modifies WinLogon for persistence
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.