General
Target: b4e42fe8229677da9d53fd5fd82d67881c94f200b31d1ab19a4783f6e8f4560c
Size: 200KB
Sample: 240523-ckzn2aab76
MD5: 210ba36f03c91c09af90264c599a0d35
SHA1: 00e3a226f220560109875c710ac1d48a38a8136b
SHA256: b4e42fe8229677da9d53fd5fd82d67881c94f200b31d1ab19a4783f6e8f4560c
SHA512: ee6092a0609a57fa1e06ebbd97ab6be81bbdb902da53e5ce44ffc1799688266022b68f0ab96a30c392c182134d3a8d88a91cfedd8b53d18a6cfbab8d5479aa5c
SSDEEP: 3072:+kWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGWBgS7:+kWXV9wUezUroW+tCmCCfNGd+
Behavioral task: behavioral1
Sample: b4e42fe8229677da9d53fd5fd82d67881c94f200b31d1ab19a4783f6e8f4560c.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: b4e42fe8229677da9d53fd5fd82d67881c94f200b31d1ab19a4783f6e8f4560c.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: b4e42fe8229677da9d53fd5fd82d67881c94f200b31d1ab19a4783f6e8f4560c
Score: 10/10
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- UPX dump on OEP (original entry point)
- Drops file in Drivers directory
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (3)
- Registry Run Keys / Startup Folder (2)
- Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
- Registry Run Keys / Startup Folder (2)
- Winlogon Helper DLL (1)