General
-
Target
da555d19c5f8266961ffd953d91dd8ee
-
Size
7.6MB
-
Sample
240321-bsqknahd9x
-
MD5
da555d19c5f8266961ffd953d91dd8ee
-
SHA1
44815e424c7ca729d1ffa0efcc868320bab017cc
-
SHA256
62d60d02e130532e6640bc74fe73bf32ba429c7e2345b156de215b79b0d7a1df
-
SHA512
ea57d1799a2e0a461832968dc38e1750973d2a66a587eaa1e84dbb75cfb6bab27b55d332e36a38dea223f807fdf50e0a12128b895fde6ec40834d98c560d2071
-
SSDEEP
196608:N7effIPEsy58doQaTzwZ8Jq3ELhf8cHpLG8doQpu8rVtxQuULG8doQal1Bf80bMk:N7effIPEsy58doQaTzwZ8Jq3ELhf8cHB
Static task
static1
Behavioral task
behavioral1
Sample
da555d19c5f8266961ffd953d91dd8ee.exe
Resource
win7-20240319-en
Behavioral task
behavioral2
Sample
da555d19c5f8266961ffd953d91dd8ee.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
da555d19c5f8266961ffd953d91dd8ee
-
Size
7.6MB
-
MD5
da555d19c5f8266961ffd953d91dd8ee
-
SHA1
44815e424c7ca729d1ffa0efcc868320bab017cc
-
SHA256
62d60d02e130532e6640bc74fe73bf32ba429c7e2345b156de215b79b0d7a1df
-
SHA512
ea57d1799a2e0a461832968dc38e1750973d2a66a587eaa1e84dbb75cfb6bab27b55d332e36a38dea223f807fdf50e0a12128b895fde6ec40834d98c560d2071
-
SSDEEP
196608:N7effIPEsy58doQaTzwZ8Jq3ELhf8cHpLG8doQpu8rVtxQuULG8doQal1Bf80bMk:N7effIPEsy58doQaTzwZ8Jq3ELhf8cHB
Score10/10-
Modifies WinLogon for persistence
-
Drops file in Drivers directory
-
Sets service image path in registry
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
2Winlogon Helper DLL
2Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
2Winlogon Helper DLL
2