General
-
Target
63a6e3a33bb1693078924c828c18435a.bin
-
Size
3.1MB
-
Sample
240119-cac3aaedh4
-
MD5
63a6e3a33bb1693078924c828c18435a
-
SHA1
15f1a8782d3baba906367c4633b4e807616b0e39
-
SHA256
e57492476a722bdf2e149084614ecb809e46981b0f6e894b435fd10c837868b2
-
SHA512
0bbca836bd9026228fd2648585e654422125460422bee2df529b789ed747a914e9a43709cf68e3cacd5869f2edd9606310f87ac81e0ae587a0eca86ae209dd44
-
SSDEEP
98304:4CqKOvyKY3QYu1c4aj22s017tvTojHfMqg39h:ZOyKYAYu32sitboj0qsh
Malware Config
Targets
-
-
Target
63a6e3a33bb1693078924c828c18435a.bin
-
Size
3.1MB
-
MD5
63a6e3a33bb1693078924c828c18435a
-
SHA1
15f1a8782d3baba906367c4633b4e807616b0e39
-
SHA256
e57492476a722bdf2e149084614ecb809e46981b0f6e894b435fd10c837868b2
-
SHA512
0bbca836bd9026228fd2648585e654422125460422bee2df529b789ed747a914e9a43709cf68e3cacd5869f2edd9606310f87ac81e0ae587a0eca86ae209dd44
-
SSDEEP
98304:4CqKOvyKY3QYu1c4aj22s017tvTojHfMqg39h:ZOyKYAYu32sitboj0qsh
Score8/10-
Modifies Windows Firewall
-
Stops running service(s)
-
Uses Session Manager for persistence
Creates Session Manager registry key to run executable early in system boot.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Scheduled Task/Job
1