General
Target
NEAS.9f8b3f6716c91974ff3fdd79aeaa0830.exe
Size
206KB
Sample
231021-1a3vpshe82
MD5
9f8b3f6716c91974ff3fdd79aeaa0830
SHA1
374ae4a9301ab5670fad177276153a1684ff1def
SHA256
8b84a7455b746db7b652a43c68439722e1a923e8fa429cfd1c30e86858902eec
SHA512
16c36982f815093538fd25589362afaa9587c1f7165d6f67cca5b7ed33139a147b62de42996c84c780b9aeddfee025f86a54c62c14deab04f07ae373511691a8
SSDEEP
6144:5vEN2U+T6i5LirrllHy4HUcMQY6Whhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhht:RENN+T5xYrllrU7QY6Whhhhhhhhhhhh3
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.9f8b3f6716c91974ff3fdd79aeaa0830.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
NEAS.9f8b3f6716c91974ff3fdd79aeaa0830.exe
Resource
win10v2004-20230915-en
Malware Config
Targets
Target
NEAS.9f8b3f6716c91974ff3fdd79aeaa0830.exe
Score
10/10
Modifies WinLogon for persistence
Modifies visibility of hidden/system files in Explorer
Modifies Installed Components in the registry
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (2)
Winlogon Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (2)
Winlogon Helper DLL (1)