General
- Target: Desktop Screenshot 2024.03.30 - 11.04.22.13.png
- Size: 166KB
- Sample: 240519-jabyjsge3x
- MD5: 5af238960958cd22200c935c7f41aed2
- SHA1: 619fc5553ac502ca819abc59b4fc5df94f0eadc1
- SHA256: 472c8c9174eef38f676be188f8c62fbc3ff6ec78da863b1f022823dd5cda5679
- SHA512: e03fa2478b7830c22e4ac8be5e9ac2c507097159db9e0aa8a5ccbfe7f146ff0de7e134378c8d05248e31282383715e73d80a78b916a107a9e7afe823d0f913b2
- SSDEEP: 3072:y9dPddwqNGJWDzJbhx85o9dBNtxJQfFP5u3NcrJnHl8zrFBksmCTzl:IZB9Ddp9trwPs3GrJHl8HFBksmCTzl
Static task: static1
Behavioral task: behavioral1
- Sample: Desktop Screenshot 2024.03.30 - 11.04.22.13.png
- Resource: win11-20240426-en
Malware Config
Targets
- Target: Desktop Screenshot 2024.03.30 - 11.04.22.13.png
Signatures
- Modifies WinLogon for persistence
- Disables Task Manager via registry modification
- Downloads MZ/PE file
- Possible privilege escalation attempt
- Executes dropped EXE
- Modifies file permissions
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Sets desktop wallpaper using registry
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (1): Winlogon Helper DLL (1)
- Pre-OS Boot (1): Bootkit (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Winlogon Helper DLL (1)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)