General
-
Target
KMSAuto Net.exe
-
Size
6.6MB
-
Sample
240221-mflxgsea2z
-
MD5
69d0ee2a1e6746241a13721dd515ef81
-
SHA1
a82c168fd2badecfff3bfe3c5eb5e7029637a7d1
-
SHA256
fbca317a26e664bb927b7d2cd7c5503eb94bb02ac539ae0d50c3bfa7eefd8c3d
-
SHA512
dfd27c1ff4f3cc2355deaa15988acad69c2aab9fff038220bcf52f2730594acf80da0161a0b23a1cab0b9f432145fbc7acd8e4f3703c1af2234e30768060a5ed
-
SSDEEP
196608:DywBGqyw15cywuywQyw8ywlywLywRX5yw9lywfywEywFyw5ywwywmIBywyywrywb:GwBGnw1zwjwNwhwIwuwRX0w9IwqwJwoT
Malware Config
Targets
-
-
Target
KMSAuto Net.exe
-
Size
6.6MB
-
MD5
69d0ee2a1e6746241a13721dd515ef81
-
SHA1
a82c168fd2badecfff3bfe3c5eb5e7029637a7d1
-
SHA256
fbca317a26e664bb927b7d2cd7c5503eb94bb02ac539ae0d50c3bfa7eefd8c3d
-
SHA512
dfd27c1ff4f3cc2355deaa15988acad69c2aab9fff038220bcf52f2730594acf80da0161a0b23a1cab0b9f432145fbc7acd8e4f3703c1af2234e30768060a5ed
-
SSDEEP
196608:DywBGqyw15cywuywQyw8ywlywLywRX5yw9lywfywEywFyw5ywwywmIBywyywrywb:GwBGnw1zwjwNwhwIwuwRX0w9IwqwJwoT
Score8/10-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Stops running service(s)
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
3Windows Service
3Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
3Windows Service
3