General
-
Target
e1c58f9a9edfd6164f9223cd1dfe04655e713f65c38726d94cba8fb61df7c68b
-
Size
1.4MB
-
Sample
230806-nrpyysbc5y
-
MD5
2f1bdaeb0e3f552ab92f910165d9cba1
-
SHA1
17039ca5fd15836e032840d396898423b838a69c
-
SHA256
e1c58f9a9edfd6164f9223cd1dfe04655e713f65c38726d94cba8fb61df7c68b
-
SHA512
53f206ece8f1a43a3027e84410a992563150195c4c9489e57e344b54517aa49ec72c713f2cf2d23ceec9e30945ff4b153652914e450e93a0e5b30e3a262b6a20
-
SSDEEP
24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk
Malware Config
Targets
-
-
Target
e1c58f9a9edfd6164f9223cd1dfe04655e713f65c38726d94cba8fb61df7c68b
-
Size
1.4MB
-
MD5
2f1bdaeb0e3f552ab92f910165d9cba1
-
SHA1
17039ca5fd15836e032840d396898423b838a69c
-
SHA256
e1c58f9a9edfd6164f9223cd1dfe04655e713f65c38726d94cba8fb61df7c68b
-
SHA512
53f206ece8f1a43a3027e84410a992563150195c4c9489e57e344b54517aa49ec72c713f2cf2d23ceec9e30945ff4b153652914e450e93a0e5b30e3a262b6a20
-
SSDEEP
24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk
Score10/10-
Modifies WinLogon for persistence
-
Modifies Windows Firewall
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1