General
Target: 4fedc06026525debd3c254f9efe10591
Size: 2.0MB
Sample: 240110-h5fpjsahfp
MD5: 4fedc06026525debd3c254f9efe10591
SHA1: 13179d178abc9cc39d7ed3244e5b9868ede46e0f
SHA256: c613cdeb5e3f5f48a0361fe7c9e654b30a99eb85c8adfa4ecc493ecc69d76ae3
SHA512: a33082cae94b0c327b63ece3cfb61039d78840970f51b91a54ec0ba3b583a88cea04245e00fc1912e2fa10989ff9766ce9a507cbf2e8c5d2b0ab30e3f0f9aa1e
SSDEEP: 49152:qeJfAJGpLD0rnP870aDe1PcrnP87NmDe1PW:qeVAJUgEq1UEJ1O
Static task: static1
Behavioral task: behavioral1
  Sample: 4fedc06026525debd3c254f9efe10591.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 4fedc06026525debd3c254f9efe10591.exe
  Resource: win10v2004-20231215-en
Malware Config
Targets
Target: 4fedc06026525debd3c254f9efe10591 (2.0MB; hashes as listed under General)
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Defense Evasion
  Modify Registry (3)
  Subvert Trust Controls (1)
    Install Root Certificate (1)