General
-
Target
a54bf09bbe72387b6494678dc4af4c6e966d013b1bdc02301270fbf8a49f22bb
-
Size
1.4MB
-
Sample
230802-n4t4faee86
-
MD5
de7efb4fc0f17fce7a12c6b8d240deeb
-
SHA1
b90f38d9ae0149ace4f77c5bb75d4ad43b7f63c2
-
SHA256
a54bf09bbe72387b6494678dc4af4c6e966d013b1bdc02301270fbf8a49f22bb
-
SHA512
0d5e60ffcace7e5108880a329d36f207be2df454a34aa270cc93ff5819e0e80be9e717f4037fc2c38d1ce459c092ecdb2faae0c3325346baeaa4debf7d8bf445
-
SSDEEP
24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk
Malware Config
Targets
-
-
Target
a54bf09bbe72387b6494678dc4af4c6e966d013b1bdc02301270fbf8a49f22bb
-
Size
1.4MB
-
MD5
de7efb4fc0f17fce7a12c6b8d240deeb
-
SHA1
b90f38d9ae0149ace4f77c5bb75d4ad43b7f63c2
-
SHA256
a54bf09bbe72387b6494678dc4af4c6e966d013b1bdc02301270fbf8a49f22bb
-
SHA512
0d5e60ffcace7e5108880a329d36f207be2df454a34aa270cc93ff5819e0e80be9e717f4037fc2c38d1ce459c092ecdb2faae0c3325346baeaa4debf7d8bf445
-
SSDEEP
24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk
Score10/10-
Modifies WinLogon for persistence
-
Modifies Windows Firewall
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1