General
Target: NEAS.2d1ca9f58635fc85c0096d43ebdd5de0_JC.exe
Size: 37KB
Sample: 231021-xhbveaae76
MD5: 2d1ca9f58635fc85c0096d43ebdd5de0
SHA1: eb2e1704f3f8a6deb3d5ce4c3da054abc055a085
SHA256: ae8a7d657aae386b2f8511f7a0acfa696e82ad7d1f3917dc849f0a69890bc1ea
SHA512: 35a243d7cb4bf86d60fa8bc164ea273297aac3e054dbe2134eb7af8be11bbb1f3823ee7f1a3e02a31a2363ea567e9d2346385a954d7ceea872bab4ef1c5df71f
SSDEEP: 768:IGFnvGsPp3XlwDmqR9/aEVpqhCQn+CFer3OAYnqKvHlNyWVu3bZM9WlAQI9XHRXA:NFnOsPp3VwDmqR9y4pqhCQn+CFer3OAj
Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.2d1ca9f58635fc85c0096d43ebdd5de0_JC.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: NEAS.2d1ca9f58635fc85c0096d43ebdd5de0_JC.exe
  Resource: win10v2004-20231020-en
Malware Config
Targets
Target: NEAS.2d1ca9f58635fc85c0096d43ebdd5de0_JC.exe
Score: 10/10
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies WinLogon for persistence
- Modifies security service
- Adds policy Run key to start application
- Modifies Installed Components in the registry
- Modifies Shared Task Scheduler registry keys
- Registers new Print Monitor
- Uses Session Manager for persistence: Creates Session Manager registry key to run executable early in system boot.
- Adds Run key to start application
- Modifies WinLogon
- Drops autorun.inf file: Malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (9)
  Registry Run Keys / Startup Folder (7)
  Winlogon Helper DLL (2)
Create or Modify System Process (1)
  Windows Service (1)