General
-
Target
1774407b4a680a3422eefb201a5d48c7
-
Size
3.8MB
-
Sample
231230-nw9txscgg2
-
MD5
1774407b4a680a3422eefb201a5d48c7
-
SHA1
fffee0efd8def6036a49a126281815942c039447
-
SHA256
7a109773cdd338fcf7eb020944c9dda636a725d2a1dc9768b5a81fa40192638b
-
SHA512
ea66a2a259c0fa941d3e9dc8e137a72020d7f9bc3f6aebd8ed783f5a32aeba2aab6c96324a81a3cef83818856694fdd580cfd20f1382e3bddc0d0927d81b22b6
-
SSDEEP
98304:KN3T5Vtl33Kbl4UfU1SQHyVP4W3Zkzqrq0b7FrJzBxqPGiQv4G:KNj5hKblVcKZfpQqeA7FrJlxmQv3
Malware Config
Targets
-
-
Target
1774407b4a680a3422eefb201a5d48c7
-
Size
3.8MB
-
MD5
1774407b4a680a3422eefb201a5d48c7
-
SHA1
fffee0efd8def6036a49a126281815942c039447
-
SHA256
7a109773cdd338fcf7eb020944c9dda636a725d2a1dc9768b5a81fa40192638b
-
SHA512
ea66a2a259c0fa941d3e9dc8e137a72020d7f9bc3f6aebd8ed783f5a32aeba2aab6c96324a81a3cef83818856694fdd580cfd20f1382e3bddc0d0927d81b22b6
-
SSDEEP
98304:KN3T5Vtl33Kbl4UfU1SQHyVP4W3Zkzqrq0b7FrJzBxqPGiQv4G:KNj5hKblVcKZfpQqeA7FrJlxmQv3
Score8/10-
Modifies Windows Firewall
-
Stops running service(s)
-
Uses Session Manager for persistence
Creates Session Manager registry key to run executable early in system boot.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Scheduled Task/Job
1