General
-
Target
6d48bd0bdd9bb1bacd680fd240f4ecf0
-
Size
1.2MB
-
Sample
240121-pel7zacefj
-
MD5
6d48bd0bdd9bb1bacd680fd240f4ecf0
-
SHA1
23c95c2332497b905ed619ad79118b31a671d74a
-
SHA256
f85e2c78d57c70f2f1f090bda82623cdff0b20c8c77a81b86db605e1dee376f5
-
SHA512
a945eb7bebf700a1870afeed2532bf869932002312b8b5bf71be033014a57ab28a835b54e1b7730f30435c862a5fd26c2ed7d6fab09f6489c311a30d05fa0dc8
-
SSDEEP
24576:j+9EX3CkF1w8T1+J86F/uq3Mo6ZYoatEOKfXt:S9z2W8T1+J86F/FgrxX
Static task
static1
Behavioral task
behavioral1
Sample
6d48bd0bdd9bb1bacd680fd240f4ecf0.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
6d48bd0bdd9bb1bacd680fd240f4ecf0.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
6d48bd0bdd9bb1bacd680fd240f4ecf0
-
Size
1.2MB
-
MD5
6d48bd0bdd9bb1bacd680fd240f4ecf0
-
SHA1
23c95c2332497b905ed619ad79118b31a671d74a
-
SHA256
f85e2c78d57c70f2f1f090bda82623cdff0b20c8c77a81b86db605e1dee376f5
-
SHA512
a945eb7bebf700a1870afeed2532bf869932002312b8b5bf71be033014a57ab28a835b54e1b7730f30435c862a5fd26c2ed7d6fab09f6489c311a30d05fa0dc8
-
SSDEEP
24576:j+9EX3CkF1w8T1+J86F/uq3Mo6ZYoatEOKfXt:S9z2W8T1+J86F/FgrxX
Score10/10-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Drops file in Drivers directory
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2