General
Target: 0459a8e0227f52bee7f40705b9ebdc3d672963198e0dc2855040ea566635272f.exe
Size: 480KB
Sample: 240521-xyvx8afe26
MD5: 27c42de5a24dd9b48b7c1782d22065a0
SHA1: cd1c24755a04486aa06f92a306df8b10a8a6d85e
SHA256: 0459a8e0227f52bee7f40705b9ebdc3d672963198e0dc2855040ea566635272f
SHA512: fdcf1b3ef1e6af32519ad26db2cdaedafa30ae04288299ae3a42a991f0f97835aab37ca217843f15eabd4c6b50743d290f757a657f1fd3df8a9e3065f912a494
SSDEEP: 6144:pjFRiOcXH6XWD0w1tizmtnktLJ6znvxNcCI+1jDIlnJ9+1aTEPTnOK4JKElDn1n:nRDc3yWDNU+YUznzNjElWaT07NQtD1n
Static task: static1
Behavioral task: behavioral1
Sample: 0459a8e0227f52bee7f40705b9ebdc3d672963198e0dc2855040ea566635272f.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 0459a8e0227f52bee7f40705b9ebdc3d672963198e0dc2855040ea566635272f.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: 0459a8e0227f52bee7f40705b9ebdc3d672963198e0dc2855040ea566635272f.exe
Score: 10/10
Modifies firewall policy service
Adds policy Run key to start application
Sets service image path in registry
Adds Run key to start application
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 3
Registry Run Keys / Startup Folder: 3
Create or Modify System Process: 1
Windows Service: 1
Privilege Escalation
Boot or Logon Autostart Execution: 3
Registry Run Keys / Startup Folder: 3
Create or Modify System Process: 1
Windows Service: 1