General
-
Target
NEAS.fce339391dd4f449342731311e6b6f80.exe
-
Size
206KB
-
Sample
231014-kasrqsda38
-
MD5
fce339391dd4f449342731311e6b6f80
-
SHA1
89a9f0594b8fd733b482e7082c4d1b88b78b3204
-
SHA256
6824f93ab23a4294dd884992fe1c2e4ca1f8b9ef90aa1a11cd94abdca1758382
-
SHA512
02fdb1429ebccf54eb784d9dee31f118ee858cbf2ef02801b5ad9de312e2c470b111894181e7851a3fc805da9fcf219a0b6ebd7ec273bb08c9997c55dd6e6149
-
SSDEEP
3072:evEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6unM9:evEN2U+T6i5LirrllHy4HUcMQY6v
Malware Config
Targets
-
-
Target
NEAS.fce339391dd4f449342731311e6b6f80.exe
-
Size
206KB
-
MD5
fce339391dd4f449342731311e6b6f80
-
SHA1
89a9f0594b8fd733b482e7082c4d1b88b78b3204
-
SHA256
6824f93ab23a4294dd884992fe1c2e4ca1f8b9ef90aa1a11cd94abdca1758382
-
SHA512
02fdb1429ebccf54eb784d9dee31f118ee858cbf2ef02801b5ad9de312e2c470b111894181e7851a3fc805da9fcf219a0b6ebd7ec273bb08c9997c55dd6e6149
-
SSDEEP
3072:evEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6unM9:evEN2U+T6i5LirrllHy4HUcMQY6v
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1