General
-
Target
0419fa158298e87fd6342b25884f7ca2
-
Size
88KB
-
Sample
231224-s2944aeffl
-
MD5
0419fa158298e87fd6342b25884f7ca2
-
SHA1
f219af924f85542b88f71842367bbd39e4379179
-
SHA256
73f79c9a74c2b184936cc56328ae2f9b389284018b3f38bbb15f67c89e856bd1
-
SHA512
b9a1806e87348365a265e0a09b57a6897d290bbce188610e64948ef5fc7e1fb44c96363db163013ef47766346b1cdea5f86a01319686de82079e29380ec8fc2b
-
SSDEEP
768:L7mv35BMCHSTLUPdzqVegTLw4aMzI8ryPIaFG0YIb5ZnsxD5BMC8v:L7Q5bSTLUPduVe34aMc8WP/b5ZsxD5
Malware Config
Targets
-
-
Target
0419fa158298e87fd6342b25884f7ca2
-
Size
88KB
-
MD5
0419fa158298e87fd6342b25884f7ca2
-
SHA1
f219af924f85542b88f71842367bbd39e4379179
-
SHA256
73f79c9a74c2b184936cc56328ae2f9b389284018b3f38bbb15f67c89e856bd1
-
SHA512
b9a1806e87348365a265e0a09b57a6897d290bbce188610e64948ef5fc7e1fb44c96363db163013ef47766346b1cdea5f86a01319686de82079e29380ec8fc2b
-
SSDEEP
768:L7mv35BMCHSTLUPdzqVegTLw4aMzI8ryPIaFG0YIb5ZnsxD5BMC8v:L7Q5bSTLUPduVe34aMc8WP/b5ZsxD5
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables cmd.exe use via registry modification
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1