2919b157d8d2161bf56a17af0efc171d8e2c3c233284cf116e8c968dd9704572 | Triage

Sharing

General

Target

_vti_cnf.exe
Size

477KB
Sample

230630-p57llacg92
MD5

34e03669773d47d0d8f01be78ae484e4
SHA1

4b0a7e2af2c28ae191737ba07632ed354d35c978
SHA256

2919b157d8d2161bf56a17af0efc171d8e2c3c233284cf116e8c968dd9704572
SHA512

8d93fab3c2544d015af2d84f07d3ebbf8acead8bb0185ffb045302b2be19ac12cd2ac59288313bd75bc230768c90e68139c124ea89df943776b1cfaac4876a7f
SSDEEP

6144:ZvZ2iKiZ/QAKVfiROzkViZwc0W/1vNuMqTp/CelAaWjSZ/nnnKCXP7:J7wVfiRuqPW/dgMqIHdjSFnnKCX

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  _vti_cnf.exe
- Size
  
  477KB
- MD5
  
  34e03669773d47d0d8f01be78ae484e4
- SHA1
  
  4b0a7e2af2c28ae191737ba07632ed354d35c978
- SHA256
  
  2919b157d8d2161bf56a17af0efc171d8e2c3c233284cf116e8c968dd9704572
- SHA512
  
  8d93fab3c2544d015af2d84f07d3ebbf8acead8bb0185ffb045302b2be19ac12cd2ac59288313bd75bc230768c90e68139c124ea89df943776b1cfaac4876a7f
- SSDEEP
  
  6144:ZvZ2iKiZ/QAKVfiROzkViZwc0W/1vNuMqTp/CelAaWjSZ/nnnKCXP7:J7wVfiRuqPW/dgMqIHdjSFnnKCX
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence