General
-
Target
crazyCore.exe
-
Size
8.6MB
-
Sample
240523-n1n31sfd44
-
MD5
5245c7ab0c998313bade154469cdc5a9
-
SHA1
47641f1c4e8ae5b9e99c7dd03217c1947a22c152
-
SHA256
4d6dbeba848f5727ab4d9295fc5e5e2c3f287a9950ad5479ce88be4a888e2757
-
SHA512
6775b625c692be0d98d0c419d37c88ae9ebe9e6e536873958e083e40035fb6fda80f8b246bb80e822aa00a9e1c996318e21cf0cdffacd1dc4ed948ff2f5bc6f3
-
SSDEEP
49152:vaMgaH2bmMjbwsd8CCvpX4AjerBV1RphcNwhIF/7MoxYivZcuLH/vpJBXnyh:M
Static task
static1
Behavioral task
behavioral1
Sample
crazyCore.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
crazyCore.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
Target
crazyCore.exe
-
Score
10/10
-
Modifies WinLogon for persistence
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Winlogon Helper DLL (1)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Winlogon Helper DLL (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Hide Artifacts (2)
    Hidden Files and Directories (2)
  Impair Defenses (1)
    Disable or Modify Tools (1)
  Modify Registry (2)