General
-
Target
1f0442ad3f186278669ebb85773aee8f
-
Size
367KB
-
Sample
231225-pvcngaedd6
-
MD5
1f0442ad3f186278669ebb85773aee8f
-
SHA1
6522afadcafef3cad1b5275659a259807bfe3552
-
SHA256
f01f5bffcce28483b4d59107a0bd727c4c00529a2de1d9f5076e55df447608b4
-
SHA512
ee9c657b2f7e8b02f87ab5a41a8ac650aab463cd4f1c70e9d31641e04d7956763e3af53b36dd57d04c9d434ac618f4ee4f9fe01be658528ed375524f79c86161
-
SSDEEP
6144:ikPv3h1mvP4Fuf9ihQoxSwJKTP9X0nquz57GWy2o1UjSMUg2mpkvE8:ie5kv66ilJJlnqud7xyD1U2bg1A
Malware Config
Targets
-
-
Target
1f0442ad3f186278669ebb85773aee8f
-
Size
367KB
-
MD5
1f0442ad3f186278669ebb85773aee8f
-
SHA1
6522afadcafef3cad1b5275659a259807bfe3552
-
SHA256
f01f5bffcce28483b4d59107a0bd727c4c00529a2de1d9f5076e55df447608b4
-
SHA512
ee9c657b2f7e8b02f87ab5a41a8ac650aab463cd4f1c70e9d31641e04d7956763e3af53b36dd57d04c9d434ac618f4ee4f9fe01be658528ed375524f79c86161
-
SSDEEP
6144:ikPv3h1mvP4Fuf9ihQoxSwJKTP9X0nquz57GWy2o1UjSMUg2mpkvE8:ie5kv66ilJJlnqud7xyD1U2bg1A
Score10/10-
Modifies WinLogon for persistence
-
Modifies Windows Firewall
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1