General
-
Target
997d9073490f99d3ab201aab5dc7c0ffa14fa018a003d24495477758c83539a4
-
Size
3.0MB
-
Sample
240409-1zxpzsdg22
-
MD5
1138af762ea974c40591ecf18fc08510
-
SHA1
748bf62069ad5e51063ce98fe1cc5b119de18bff
-
SHA256
997d9073490f99d3ab201aab5dc7c0ffa14fa018a003d24495477758c83539a4
-
SHA512
3559ef4ea08feb7a6a7255a6bffa9f8405ae0fb28e6ee6fc302c5f6eae1823b7d55ede073c4a8fe7149fbd587d63a655cc7fce422c4c8fe5555b07b49980e640
-
SSDEEP
24576:PN7VG8rVG8tN7VG8WN7VG8rVG8tN7VG8YN7VG8rVG8tN7VG8kN7VG8rVG8tN7VGX:P55H5455H5i55H5m55H5055H5Q55H5s
Malware Config
Targets
-
-
Target
997d9073490f99d3ab201aab5dc7c0ffa14fa018a003d24495477758c83539a4
-
Size
3.0MB
-
MD5
1138af762ea974c40591ecf18fc08510
-
SHA1
748bf62069ad5e51063ce98fe1cc5b119de18bff
-
SHA256
997d9073490f99d3ab201aab5dc7c0ffa14fa018a003d24495477758c83539a4
-
SHA512
3559ef4ea08feb7a6a7255a6bffa9f8405ae0fb28e6ee6fc302c5f6eae1823b7d55ede073c4a8fe7149fbd587d63a655cc7fce422c4c8fe5555b07b49980e640
-
SSDEEP
24576:PN7VG8rVG8tN7VG8WN7VG8rVG8tN7VG8YN7VG8rVG8tN7VG8kN7VG8rVG8tN7VGX:P55H5455H5i55H5m55H5055H5Q55H5s
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
UAC bypass
-
UPX dump on OEP (original entry point)
-
Disables RegEdit via registry modification
-
Disables use of System Restore points
-
Drops file in Drivers directory
-
Sets file execution options in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Disable or Modify Tools
1Modify Registry
9