General
Target: 244a7e163d42fcddb89553eeea91efa9
Size: 17KB
Sample: 231231-csbbeagdf7
MD5: 244a7e163d42fcddb89553eeea91efa9
SHA1: d647e5d5c088a660638c410e5f021664ce5978f7
SHA256: 2058dd10037d008cd1d66974e7c8b3f128ccb5961d909548d05d51414c8cdabc
SHA512: e4c85ecf33c24aeacf0b7953a2dc0bfff3e6e033865f0b23fdafd0174e82fb5e077366e17326597305864c28ef5e006ad732b91912aca6efc603396edc081daf
SSDEEP: 384:jvQrgSuNMPOY+blFXWyAzcmlba3n59qC3Zth3BPr3B0S:jvN3NMPOYsFG5pm35h3l1
Static task: static1
Behavioral task: behavioral1
  Sample: 244a7e163d42fcddb89553eeea91efa9.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 244a7e163d42fcddb89553eeea91efa9.exe
  Resource: win10v2004-20231222-en
Malware Config
Targets
Target: 244a7e163d42fcddb89553eeea91efa9
Score: 10/10
Modifies WinLogon for persistence
Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
Deletes itself
Loads dropped DLL
Drops file in System32 directory