General
-
Target
5fd6daa4d3e0caf838a4abbac3f5687017ce143cacbca05dd1fd4b7befab6a48
-
Size
426KB
-
Sample
240323-zveg6seh8x
-
MD5
287640c09f2760fa1e705b41353a3c80
-
SHA1
ee5632b4da6a8f657083f7c22f60363ab1e70059
-
SHA256
5fd6daa4d3e0caf838a4abbac3f5687017ce143cacbca05dd1fd4b7befab6a48
-
SHA512
cc1edc384e14909f6f04ed6fe51b27f442057b37cbbf3bc380ebcdff3a3d7ea32e4bfa3b3ced51840a1e5d3034e54c54e413e6aa4cc55142883c31d42be82bc6
-
SSDEEP
6144:cLxrnIIA8briXbSJQ3bSxbSxbSCr93Zk4bSDD/B+G/B+ybSE1bS7/B+8vheDObSI:cLxrAGE1reehTlOVBZjqJJeiVQ9af
Static task
static1
Behavioral task
behavioral1
Sample
5fd6daa4d3e0caf838a4abbac3f5687017ce143cacbca05dd1fd4b7befab6a48.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
5fd6daa4d3e0caf838a4abbac3f5687017ce143cacbca05dd1fd4b7befab6a48.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
5fd6daa4d3e0caf838a4abbac3f5687017ce143cacbca05dd1fd4b7befab6a48
-
Size
426KB
-
MD5
287640c09f2760fa1e705b41353a3c80
-
SHA1
ee5632b4da6a8f657083f7c22f60363ab1e70059
-
SHA256
5fd6daa4d3e0caf838a4abbac3f5687017ce143cacbca05dd1fd4b7befab6a48
-
SHA512
cc1edc384e14909f6f04ed6fe51b27f442057b37cbbf3bc380ebcdff3a3d7ea32e4bfa3b3ced51840a1e5d3034e54c54e413e6aa4cc55142883c31d42be82bc6
-
SSDEEP
6144:cLxrnIIA8briXbSJQ3bSxbSxbSCr93Zk4bSDD/B+G/B+ybSE1bS7/B+8vheDObSI:cLxrAGE1reehTlOVBZjqJJeiVQ9af
Score10/10-
Modifies WinLogon for persistence
-
Detects executables built or packed with MPress PE compressor
-
UPX dump on OEP (original entry point)
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies WinLogon
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
2Winlogon Helper DLL
2Browser Extensions
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
2Winlogon Helper DLL
2Event Triggered Execution
1Change Default File Association
1