General
-
Target
39350f1e07377b2e137d5b675f2ae6f0
-
Size
3.6MB
-
Sample
231231-rfmagadca2
-
MD5
39350f1e07377b2e137d5b675f2ae6f0
-
SHA1
e28004672640158dd23b18ac324882eedec6fce1
-
SHA256
3298d295282e6eb49356e08f55a19ccbd459b78e5a6003aa97d181fd46504303
-
SHA512
3b920669b59ce8962c2c1167a23b2ce5ab92177f29702ae192dc3c2e90642e3500055e03f88f4f19369723f5024e1113b6421fe960666671e0235c87386fd640
-
SSDEEP
98304:/LtxIGkUF4G/InbtqUxvtxV2zVy36REGL3oHPuHf:iUF4TbcUxVmU36RloHPQf
Malware Config
Targets
-
-
Target
39350f1e07377b2e137d5b675f2ae6f0
-
Size
3.6MB
-
MD5
39350f1e07377b2e137d5b675f2ae6f0
-
SHA1
e28004672640158dd23b18ac324882eedec6fce1
-
SHA256
3298d295282e6eb49356e08f55a19ccbd459b78e5a6003aa97d181fd46504303
-
SHA512
3b920669b59ce8962c2c1167a23b2ce5ab92177f29702ae192dc3c2e90642e3500055e03f88f4f19369723f5024e1113b6421fe960666671e0235c87386fd640
-
SSDEEP
98304:/LtxIGkUF4G/InbtqUxvtxV2zVy36REGL3oHPuHf:iUF4TbcUxVmU36RloHPQf
Score8/10-
Modifies Windows Firewall
-
Stops running service(s)
-
Uses Session Manager for persistence
Creates Session Manager registry key to run executable early in system boot.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2