General
-
Target
8df8c579fd804944150aa3e2d11c4752
-
Size
727KB
-
Sample
240204-cq3b4sfbd3
-
MD5
8df8c579fd804944150aa3e2d11c4752
-
SHA1
44ddcb5413f60619139d2a2bb30711f1a5606f56
-
SHA256
04f21d0ee0165c994d0cbfad13e8c0b67d858a51d9f70b97008c022a5ee9d80f
-
SHA512
773b74d1b9742e33401804c87708e440f02355b1edab4c56f9a899174e3aa59c5a693c7b7de5fa846aa657942e4cebda57626794886e3f1bb480721af9514b64
-
SSDEEP
6144:51db49+rEg024fpLZazEjvE/rbay19tSt4bO2BaDmeBJe59zP8HzinW9eIVh6nlt:5jkArEN249AyE/rbaMct4bO2/Vzp7J6
Malware Config
Targets
-
-
Target
8df8c579fd804944150aa3e2d11c4752
-
Size
727KB
-
MD5
8df8c579fd804944150aa3e2d11c4752
-
SHA1
44ddcb5413f60619139d2a2bb30711f1a5606f56
-
SHA256
04f21d0ee0165c994d0cbfad13e8c0b67d858a51d9f70b97008c022a5ee9d80f
-
SHA512
773b74d1b9742e33401804c87708e440f02355b1edab4c56f9a899174e3aa59c5a693c7b7de5fa846aa657942e4cebda57626794886e3f1bb480721af9514b64
-
SSDEEP
6144:51db49+rEg024fpLZazEjvE/rbay19tSt4bO2BaDmeBJe59zP8HzinW9eIVh6nlt:5jkArEN249AyE/rbaMct4bO2/Vzp7J6
Score10/10-
Modifies WinLogon for persistence
-
Drops startup file
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1