General
Target: NEAS.322f9a41f7883e8292b9187684826c40.exe
Size: 141KB
Sample: 231113-cjgrtsfh98
MD5: 322f9a41f7883e8292b9187684826c40
SHA1: a361f382992dd745159ab60e4b94ba5c3f86ca80
SHA256: 737c9375cd60423cbf0056af1e7b0e666e6c673d0f580e696161a01d5b551a48
SHA512: 5c6ecce696c81bbb9aa6acb6e1a55583cd169deed68710cee04872abfa9016382973e36a3478b7f2d9a710e2f5b01b578690f0525cb6e52541fed9c8c8963c6c
SSDEEP: 3072:ELlglTEH6xklGwA/qkwsjvxzzjNjljIxjfjA8bnIIIId:aqAHCntRlg/5
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.322f9a41f7883e8292b9187684826c40.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.322f9a41f7883e8292b9187684826c40.exe
Resource
win10v2004-20231020-en
Malware Config
Targets
Score 10/10
Modifies WinLogon for persistence
Executes dropped EXE
Adds Run key to start application
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)