General
-
Target
dc2ab5eddbbe80232875c7ae122fc9867f557fc44a5f46aac8eceeec9918f43c
-
Size
441KB
-
Sample
240323-alk6xsde6t
-
MD5
213375cac46a9575aa354ad6d5c46e38
-
SHA1
2a6b1a87e7fed126d762c71b90243457ee8b4eab
-
SHA256
dc2ab5eddbbe80232875c7ae122fc9867f557fc44a5f46aac8eceeec9918f43c
-
SHA512
27b7d81f0c7bad83cd63154d25c55cf0582aa1e0d01676d8ebe4aeaef92f2fbe13163da21499495ff5b4bfea44d09d2c938c9beb8355b3083cf16f2968e5c6d2
-
SSDEEP
12288:cLxrAGE1reeemeMX9RmsXeDa0JmDcQ9uu:cLy1reeemeE9RmyeDa0JmDwu
Static task
static1
Behavioral task
behavioral1
Sample
dc2ab5eddbbe80232875c7ae122fc9867f557fc44a5f46aac8eceeec9918f43c.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
dc2ab5eddbbe80232875c7ae122fc9867f557fc44a5f46aac8eceeec9918f43c.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
dc2ab5eddbbe80232875c7ae122fc9867f557fc44a5f46aac8eceeec9918f43c
-
Size
441KB
-
MD5
213375cac46a9575aa354ad6d5c46e38
-
SHA1
2a6b1a87e7fed126d762c71b90243457ee8b4eab
-
SHA256
dc2ab5eddbbe80232875c7ae122fc9867f557fc44a5f46aac8eceeec9918f43c
-
SHA512
27b7d81f0c7bad83cd63154d25c55cf0582aa1e0d01676d8ebe4aeaef92f2fbe13163da21499495ff5b4bfea44d09d2c938c9beb8355b3083cf16f2968e5c6d2
-
SSDEEP
12288:cLxrAGE1reeemeMX9RmsXeDa0JmDcQ9uu:cLy1reeemeE9RmyeDa0JmDwu
Score10/10-
Modifies WinLogon for persistence
-
Detects executables built or packed with MPress PE compressor
-
UPX dump on OEP (original entry point)
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies WinLogon
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
2Winlogon Helper DLL
2Browser Extensions
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
2Winlogon Helper DLL
2Event Triggered Execution
1Change Default File Association
1