General
-
Target
70e132d60a1e83f2e896851beddfad93
-
Size
165KB
-
Sample
240123-3vh25sdbc5
-
MD5
70e132d60a1e83f2e896851beddfad93
-
SHA1
63fc3c97e2b078d60220f09fd8f9fa3b069a5db8
-
SHA256
e2635c15a9bdfe1443886047ff013d4c5337b7e9cb24e30d4baab24dc4979a4c
-
SHA512
4f998c2928c9675489f71e3426717911c6f39fcb8ee1e37170cd7c53dc49aecca3cb716647df2fcb774cdfaba5ec7d8d1a765e059db6f5a4ae884353c5b27437
-
SSDEEP
3072:qcspdVgUOV5wxuVpJ3w9F6+r3BEiGQ5SJxWGs05bfTrayrYG6CuUDLYgnO:qcspdvoqF6+r3BEizSJxBs05bfTrz
Malware Config
Targets
-
-
Target
70e132d60a1e83f2e896851beddfad93
-
Size
165KB
-
MD5
70e132d60a1e83f2e896851beddfad93
-
SHA1
63fc3c97e2b078d60220f09fd8f9fa3b069a5db8
-
SHA256
e2635c15a9bdfe1443886047ff013d4c5337b7e9cb24e30d4baab24dc4979a4c
-
SHA512
4f998c2928c9675489f71e3426717911c6f39fcb8ee1e37170cd7c53dc49aecca3cb716647df2fcb774cdfaba5ec7d8d1a765e059db6f5a4ae884353c5b27437
-
SSDEEP
3072:qcspdVgUOV5wxuVpJ3w9F6+r3BEiGQ5SJxWGs05bfTrayrYG6CuUDLYgnO:qcspdvoqF6+r3BEizSJxBs05bfTrz
Score10/10-
Modifies WinLogon for persistence
-
Adds policy Run key to start application
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1