9a77a96195039c211b22e821183f47a501f3deb402b5c03b744f738150a5626e | Triage

Sharing

General

Target

9a77a96195039c211b22e821183f47a501f3deb402b5c03b744f738150a5626e
Size

91KB
Sample

240523-bbqt4afg79
MD5

02298bc71b17e3cc682468a9e5c9789d
SHA1

ff10519760f8a8ca6b4604c47aefb2fe67f4efde
SHA256

9a77a96195039c211b22e821183f47a501f3deb402b5c03b744f738150a5626e
SHA512

15d5cd9c9d154932a9adc98357f2f0b9fdd15e807a9544c68d312b183b5dcd9fef08436f8422d855be33bd3a538e0f126fdaaf5d14902697bd1c906cb0a84169
SSDEEP

1536:IFAutcCNS1mgnd2y1nrPlGiCcCBEulwHiFAutcCNS1mgnd2y1nrPlGiCcCBEulwN:IpWC4YgBPlGiyll8ipWC4YgBPlGiyllM

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  9a77a96195039c211b22e821183f47a501f3deb402b5c03b744f738150a5626e
- Size
  
  91KB
- MD5
  
  02298bc71b17e3cc682468a9e5c9789d
- SHA1
  
  ff10519760f8a8ca6b4604c47aefb2fe67f4efde
- SHA256
  
  9a77a96195039c211b22e821183f47a501f3deb402b5c03b744f738150a5626e
- SHA512
  
  15d5cd9c9d154932a9adc98357f2f0b9fdd15e807a9544c68d312b183b5dcd9fef08436f8422d855be33bd3a538e0f126fdaaf5d14902697bd1c906cb0a84169
- SSDEEP
  
  1536:IFAutcCNS1mgnd2y1nrPlGiCcCBEulwHiFAutcCNS1mgnd2y1nrPlGiCcCBEulwN:IpWC4YgBPlGiyll8ipWC4YgBPlGiyllM
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Disables cmd.exe use via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence