General

  • Target

    03f03e6a9724d4c46c17c085aab0136097a77071a2f9fac9bf6ffa25e2693ae7

  • Size

    45KB

  • Sample

    240603-wt77baff77

  • MD5

    1505c8d5dd341121bfa3bda87374e524

  • SHA1

    7ccf711e556fe4779bff7a0b4f7ed6ae3c14f661

  • SHA256

    03f03e6a9724d4c46c17c085aab0136097a77071a2f9fac9bf6ffa25e2693ae7

  • SHA512

    a6f163404556aad361844866fb2b89e53bcf325513a0ff650385cc7da8bd2e22fb9e8dc5776524912f730ca2d4b3d9aacb9371a4766382a0cdb013a27b0ef653

  • SSDEEP

    768:WAUJmQCcmLCXQq6fsKiJYsIkjJVzqsVG5kuGVAQvKMb7rX:RUNHFKQbIkHvGkAFu77

Malware Config

Targets

    • Target

      03f03e6a9724d4c46c17c085aab0136097a77071a2f9fac9bf6ffa25e2693ae7

    • Size

      45KB

    • MD5

      1505c8d5dd341121bfa3bda87374e524

    • SHA1

      7ccf711e556fe4779bff7a0b4f7ed6ae3c14f661

    • SHA256

      03f03e6a9724d4c46c17c085aab0136097a77071a2f9fac9bf6ffa25e2693ae7

    • SHA512

      a6f163404556aad361844866fb2b89e53bcf325513a0ff650385cc7da8bd2e22fb9e8dc5776524912f730ca2d4b3d9aacb9371a4766382a0cdb013a27b0ef653

    • SSDEEP

      768:WAUJmQCcmLCXQq6fsKiJYsIkjJVzqsVG5kuGVAQvKMb7rX:RUNHFKQbIkHvGkAFu77

    • Windows security bypass

    • Drops file in Drivers directory

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Modifies WinLogon

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Boot or Logon Autostart Execution

3
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

3
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Impair Defenses

2
T1562

Disable or Modify Tools

2
T1562.001

Modify Registry

5
T1112

Tasks