General
Target: 6026f25d2195decd2904223e7118712a
Size: 636KB
Sample: 231226-kg29rabcc2
MD5: 6026f25d2195decd2904223e7118712a
SHA1: a9f965661b3e3fca899b33a036832ebe2e5dfa8d
SHA256: 6e0bea15ef642c0cbcea5b487d7a5402d00592232bb14f6c5ba5273478ae002a
SHA512: b41efc5bd80b9f0506087fd2894b76751e186e529fa7ae53c7cacd63b3a9c6b5561b687affea7a40050b896725acc8e18558452f753274be7d95d0aec43f5ebd
SSDEEP: 6144:9j6/wndfF/gl0LQIk8DR3dEuAI7pEfxsZozAm9TMdGQLUg1nYmefPImdrionXdbV:F6onxOp8FySpE5zvIdtU+YmefZ3MMq
Static task: static1
Behavioral task: behavioral1
  Sample: 6026f25d2195decd2904223e7118712a.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 6026f25d2195decd2904223e7118712a.exe
  Resource: win10v2004-20231215-en
Malware Config
Targets
Target: 6026f25d2195decd2904223e7118712a
Size: 636KB
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Adds policy Run key to start application
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)