General
-
Target
6c43e7a9c4152f2dff5ead7e60deb9aa
-
Size
274KB
-
Sample
240121-d9wt4seaap
-
MD5
6c43e7a9c4152f2dff5ead7e60deb9aa
-
SHA1
9ed84cc302ffb5d05132d6d6cb095c3bf726ecfa
-
SHA256
23be7156029f11989e77e9a1e836029ae196d0f06578b1b630b2fa691e736706
-
SHA512
4be7f0abd7c21575761d922f65f9508ad6a965b26daebb97d6d1f78de6d29b03825de7060f03dde029e37009e2d0c4953f31308d820dd5c7630e693d738b886a
-
SSDEEP
6144:W1iJcYtR1HsvpSHY7KoSrfTNBuzZZcA1wnOLrMM40FY:WkHcpSHY7VSrfT2/czO3HzFY
Behavioral task
behavioral1
Sample
6c43e7a9c4152f2dff5ead7e60deb9aa.exe
Resource
win7-20231215-en
Malware Config
Targets
-
-
Target
6c43e7a9c4152f2dff5ead7e60deb9aa
-
Size
274KB
-
MD5
6c43e7a9c4152f2dff5ead7e60deb9aa
-
SHA1
9ed84cc302ffb5d05132d6d6cb095c3bf726ecfa
-
SHA256
23be7156029f11989e77e9a1e836029ae196d0f06578b1b630b2fa691e736706
-
SHA512
4be7f0abd7c21575761d922f65f9508ad6a965b26daebb97d6d1f78de6d29b03825de7060f03dde029e37009e2d0c4953f31308d820dd5c7630e693d738b886a
-
SSDEEP
6144:W1iJcYtR1HsvpSHY7KoSrfTNBuzZZcA1wnOLrMM40FY:WkHcpSHY7VSrfT2/czO3HzFY
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2