General
-
Target
b5ba3b909b6349674d39bdb5c4b0ca289767ff59de02cfe6a9eee0a59445fc58
-
Size
5.8MB
-
Sample
240424-kmbc8agb54
-
MD5
5e79f5e3aa958cc74889bf7bb797516b
-
SHA1
4ec8da4bfff5ab6557d155782799221880a37b9e
-
SHA256
b5ba3b909b6349674d39bdb5c4b0ca289767ff59de02cfe6a9eee0a59445fc58
-
SHA512
c56daf64d999b86f4bead6f368dce78d58ccc4f5ee8cf72d19ea2133583079783c5fac5b222c56c03481e4e3ac1e466887a8766abeb3fbbc7f6d6847008b75cb
-
SSDEEP
98304:xupzPIBhNeFTIPU7VtieVoMKm70TtsS1AO:0liNEIm4eKMKm70B
Static task
static1
Behavioral task
behavioral1
Sample
b5ba3b909b6349674d39bdb5c4b0ca289767ff59de02cfe6a9eee0a59445fc58.dll
Resource
win7-20231129-en
Malware Config
Targets
-
-
Target
b5ba3b909b6349674d39bdb5c4b0ca289767ff59de02cfe6a9eee0a59445fc58
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Boot or Logon Autostart Execution: 2
    Registry Run Keys / Startup Folder: 1
    Winlogon Helper DLL: 1
  Create or Modify System Process: 2
    Windows Service: 2
Privilege Escalation
  Boot or Logon Autostart Execution: 2
    Registry Run Keys / Startup Folder: 1
    Winlogon Helper DLL: 1
  Create or Modify System Process: 2
    Windows Service: 2
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1