General
-
Target
9650e00ef30bc7abe8becec63619e47c
-
Size
516KB
-
Sample
240212-fpy5vaed32
-
MD5
9650e00ef30bc7abe8becec63619e47c
-
SHA1
295a2a3b936f4d59134f0f9a1869220784de8a66
-
SHA256
93b16aa9542c8f7cc4b6cf48ce2f51cb3b97b71f055792d21209854cefb87d1a
-
SHA512
cbb68eca8094820f85242284663023f0bbc54d18a60c5f9eacae0db9ab32166e3b23c052b6861bc059ebd819b195af91a84f49cbeb48163083b1a3e5d2d43ff3
-
SSDEEP
12288:IDOCHBIeaaSjCSwtqg3lgvGJCSWMiHaWvwLU4U9xjZ:IMj0Wl+8VMiLr
Malware Config
Targets
-
-
Target
9650e00ef30bc7abe8becec63619e47c
-
Size
516KB
-
MD5
9650e00ef30bc7abe8becec63619e47c
-
SHA1
295a2a3b936f4d59134f0f9a1869220784de8a66
-
SHA256
93b16aa9542c8f7cc4b6cf48ce2f51cb3b97b71f055792d21209854cefb87d1a
-
SHA512
cbb68eca8094820f85242284663023f0bbc54d18a60c5f9eacae0db9ab32166e3b23c052b6861bc059ebd819b195af91a84f49cbeb48163083b1a3e5d2d43ff3
-
SSDEEP
12288:IDOCHBIeaaSjCSwtqg3lgvGJCSWMiHaWvwLU4U9xjZ:IMj0Wl+8VMiLr
Score10/10-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Modifies Installed Components in the registry
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
3Create or Modify System Process
1Windows Service
1