General
-
Target
6f6da99e6e13bb7b1f15c5b0dfeed251
-
Size
920KB
-
Sample
240122-megldaeef7
-
MD5
6f6da99e6e13bb7b1f15c5b0dfeed251
-
SHA1
046c5c1e3707d49a59320b5497cf178b52cc3442
-
SHA256
80cc797c50a5f855d0505d33dfdf329de205fa1c19b4d03f787d0d4e8a8e7502
-
SHA512
f56c5d061e01a6b807b72839000424f797e5d8f35534f2eb1cc8b41735b4e9a96b2e27e8a3cb31d3b3b49d30d70a7f3fcfa5ab32dbd7a297aef43c95f8a6cfd7
-
SSDEEP
24576:iwApu99lPzvxP+Bsz2XjWTRMQckkIXGD0QZh9u:dApIzpP+hickkIp
Behavioral task
behavioral1
Sample
6f6da99e6e13bb7b1f15c5b0dfeed251.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
6f6da99e6e13bb7b1f15c5b0dfeed251.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
6f6da99e6e13bb7b1f15c5b0dfeed251
-
Size
920KB
-
MD5
6f6da99e6e13bb7b1f15c5b0dfeed251
-
SHA1
046c5c1e3707d49a59320b5497cf178b52cc3442
-
SHA256
80cc797c50a5f855d0505d33dfdf329de205fa1c19b4d03f787d0d4e8a8e7502
-
SHA512
f56c5d061e01a6b807b72839000424f797e5d8f35534f2eb1cc8b41735b4e9a96b2e27e8a3cb31d3b3b49d30d70a7f3fcfa5ab32dbd7a297aef43c95f8a6cfd7
-
SSDEEP
24576:iwApu99lPzvxP+Bsz2XjWTRMQckkIXGD0QZh9u:dApIzpP+hickkIp
Score10/10-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2