General
-
Target
276adb68f12180b9d66d038318e86e99
-
Size
327KB
-
Sample
231225-sbrvtseee5
-
MD5
276adb68f12180b9d66d038318e86e99
-
SHA1
a89b05c08e2fcff8ba0a7734dc757deabc32c810
-
SHA256
73ef03be3b36b016be8b11edc576bbdd8c9afa369ecca25e8b3c4d8abd205757
-
SHA512
5963f53f3c2b7884b87882bef906d98a936c02c4a0491badab20827c87cd0d385bf364c6e3d5479afdd564c327898560182d6e4dc53320d6c8366843538e004b
-
SSDEEP
6144:0lZ/zUMu4pDSxsCMRzf7x3SfS1JAzXBtL76lMikrIcvjbEdAZr:0HLUMuiv9RgfSjAzRtyMikrIcvjwdAR
Malware Config
Targets
-
-
Target
276adb68f12180b9d66d038318e86e99
-
Size
327KB
-
MD5
276adb68f12180b9d66d038318e86e99
-
SHA1
a89b05c08e2fcff8ba0a7734dc757deabc32c810
-
SHA256
73ef03be3b36b016be8b11edc576bbdd8c9afa369ecca25e8b3c4d8abd205757
-
SHA512
5963f53f3c2b7884b87882bef906d98a936c02c4a0491badab20827c87cd0d385bf364c6e3d5479afdd564c327898560182d6e4dc53320d6c8366843538e004b
-
SSDEEP
6144:0lZ/zUMu4pDSxsCMRzf7x3SfS1JAzXBtL76lMikrIcvjbEdAZr:0HLUMuiv9RgfSjAzRtyMikrIcvjwdAR
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables use of System Restore points
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
4