General
Target
c8a5086308d74d3d4107ee753534c849
Size
120KB
Sample
240314-pxlzxsee24
MD5
c8a5086308d74d3d4107ee753534c849
SHA1
398117a033b264752a97dd79679a0c0481e53750
SHA256
a170f5c3ed408ba0d9e247ac1fb02afa02a9a4826615d934f72b4471ebbb3b0b
SHA512
ffbfd898d518719db94752715e34d4f8ef6232a2bc55cc4522be9eff67685a199efb88f011062e67c7a4d6339e88cab5e1ceea9896577644888d319124343a3c
SSDEEP
1536:p5pzbvIlkSJuzhFQTn9Csr5SbyOuYIsWeAwadDDyWetats:Bzo/rfDYIsWeAeLtats
Static task
static1
Behavioral task
behavioral1
Sample
c8a5086308d74d3d4107ee753534c849.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
c8a5086308d74d3d4107ee753534c849.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
Score
10/10
Modifies WinLogon for persistence
Adds policy Run key to start application
Modifies Windows Firewall
Deletes itself
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (2)
Winlogon Helper DLL (1)
Create or Modify System Process (1)
Windows Service (1)
Privilege Escalation
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (2)
Winlogon Helper DLL (1)
Create or Modify System Process (1)
Windows Service (1)