General
-
Target
ddd306f21f061faa70d8ae4cf5ed6df3876b0960b03af3e836359e030384203d
-
Size
1.4MB
-
Sample
230923-rrfl3agc7w
-
MD5
912b3d39206444e12610f816cadd801b
-
SHA1
3f6f811088fb22af54191c59515aaba7df3dd523
-
SHA256
ddd306f21f061faa70d8ae4cf5ed6df3876b0960b03af3e836359e030384203d
-
SHA512
095020944a6bd0cfa8b626ff94a6dcc22f84d6f7b25b889fd9e4be07c6310cbc119cd37e269d23a1b1cfc492ec3c89b0a73c0aa8f06c09d307861549435782ac
-
SSDEEP
24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk
Malware Config
Targets
-
-
Target
ddd306f21f061faa70d8ae4cf5ed6df3876b0960b03af3e836359e030384203d
-
Size
1.4MB
-
MD5
912b3d39206444e12610f816cadd801b
-
SHA1
3f6f811088fb22af54191c59515aaba7df3dd523
-
SHA256
ddd306f21f061faa70d8ae4cf5ed6df3876b0960b03af3e836359e030384203d
-
SHA512
095020944a6bd0cfa8b626ff94a6dcc22f84d6f7b25b889fd9e4be07c6310cbc119cd37e269d23a1b1cfc492ec3c89b0a73c0aa8f06c09d307861549435782ac
-
SSDEEP
24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk
Score10/10-
Modifies WinLogon for persistence
-
Modifies Windows Firewall
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1