General
- Target: 040a43a53026d1eb8a1b39fb1216e716.exe
- Size: 556KB
- Sample: 240101-yppwaabeh3
- MD5: 040a43a53026d1eb8a1b39fb1216e716
- SHA1: 9090487c6b239968f3e980f24d87f01e8a2f0c95
- SHA256: 5def381413fba68eb44ef49c9991bdea93daf3ae3ff4d86d0c0120c5b2bb49a4
- SHA512: 38706f6fa14f8c9120f7e63c76dc767ed071c2d4de016ddb5ee408bc8f614a72d5a5e66608d67f147bc1cdd952685ae1a49caa8624a1e782a4f9ae82ba002f85
- SSDEEP: 12288:Dlsns1q8NrrTCP5FyTNiQXsRgkEgAayFQQHzO:S8Nrr2DeNncJlQTO
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 040a43a53026d1eb8a1b39fb1216e716.exe
  - Resource: win7-20231215-en

Behavioral task
- behavioral2
  - Sample: 040a43a53026d1eb8a1b39fb1216e716.exe
  - Resource: win10v2004-20231215-en
Malware Config

Targets
- Target: 040a43a53026d1eb8a1b39fb1216e716.exe
- Score: 10/10
- Signatures:
  - Modifies WinLogon for persistence
  - Disables RegEdit via registry modification
  - Disables Task Manager via registry modification
  - Modifies Installed Components in the registry
  - ACProtect 1.3x - 1.4x DLL software
    Detects file using ACProtect software.
  - Loads dropped DLL
  - Adds Run key to start application
  - Modifies WinLogon
  - Writes to the Master Boot Record (MBR)
    Bootkits write to the MBR to gain persistence at a level below the operating system.
  - Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
- Persistence
  - Boot or Logon Autostart Execution (4)
    - Registry Run Keys / Startup Folder (2)
    - Winlogon Helper DLL (2)
  - Pre-OS Boot (1)
    - Bootkit (1)