General
-
Target
abf08f07efa8db5654e709426160725d
-
Size
60KB
-
Sample
240228-p9fnnscb8y
-
MD5
abf08f07efa8db5654e709426160725d
-
SHA1
8318d4b8d669de17574ea4d593b3dfaf900eb6c4
-
SHA256
d4d6f89b7199b007643cd661ce2674353bda468adb9a306e1acfd1240238a5cc
-
SHA512
9f18d87ca29f1a64349d2a0e5fe18150c4625775c79f01c71e04113618bb108ffacea28fbe434eb6802e35c7e0d169548925d145f841ed46e3a07f6eed714728
-
SSDEEP
768:vXKKOM9rPeD0nD+iWHTiOHTZbO0lBoBadfouomqiD7bcYq6oW1GOUqyhpQQuIXj3:/gM9T0SD+iW+4Y4kjp2lKw
Malware Config
Targets
-
-
Target
abf08f07efa8db5654e709426160725d
-
Size
60KB
-
MD5
abf08f07efa8db5654e709426160725d
-
SHA1
8318d4b8d669de17574ea4d593b3dfaf900eb6c4
-
SHA256
d4d6f89b7199b007643cd661ce2674353bda468adb9a306e1acfd1240238a5cc
-
SHA512
9f18d87ca29f1a64349d2a0e5fe18150c4625775c79f01c71e04113618bb108ffacea28fbe434eb6802e35c7e0d169548925d145f841ed46e3a07f6eed714728
-
SSDEEP
768:vXKKOM9rPeD0nD+iWHTiOHTZbO0lBoBadfouomqiD7bcYq6oW1GOUqyhpQQuIXj3:/gM9T0SD+iW+4Y4kjp2lKw
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
1Change Default File Association
1