General
Target: NEAS.39e1ed01bd994f0fed57df9722075cb0.exe
Size: 333KB
Sample: 231021-z5bt2adh89
MD5: 39e1ed01bd994f0fed57df9722075cb0
SHA1: 4603ab260e9c85625f140c2cb6385ad7bb80491c
SHA256: bb80187e69360a68a2615dd0851af707c3dee47e9a63bca715aa7c827f24f684
SHA512: 161654b2336909ae243889fc9ff4f04dc16019d21871db9a1521008cff2b68eb4759b5fb19d5be1638adf43093ab04f4e21449d2382a4b5e0da9c3dd480f876f
SSDEEP: 6144:4Gunw5Ln9nkP+6bKRRibSxbSIk/9C/tFbSxbSxbSxbSQfArCmIHHbSxbSxbS/ddB:R5ju+aeO1C1peeeJfklIbeeu
Behavioral task: behavioral1
Sample: NEAS.39e1ed01bd994f0fed57df9722075cb0.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: NEAS.39e1ed01bd994f0fed57df9722075cb0.exe
Resource: win10v2004-20231020-en
Malware Config
Targets
Target: NEAS.39e1ed01bd994f0fed57df9722075cb0.exe
Score: 10/10
Modifies WinLogon for persistence
Drops file in Drivers directory
Sets service image path in registry
Modifies system executable filetype association
Adds Run key to start application
Modifies WinLogon
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (4)
  Registry Run Keys / Startup Folder (2)
  Winlogon Helper DLL (2)
Browser Extensions (1)
Event Triggered Execution (1)
  Change Default File Association (1)
Privilege Escalation
Boot or Logon Autostart Execution (4)
  Registry Run Keys / Startup Folder (2)
  Winlogon Helper DLL (2)
Event Triggered Execution (1)
  Change Default File Association (1)