General

  • Target

    0529aed60c59ff282ee8dceda999a1164176ce45e15cd417c1eb61856fd0d216

  • Size

    66KB

  • Sample

    240603-wxedeafg36

  • MD5

    353e9f24b1635b06e82a705e6921c601

  • SHA1

    58e80e902d753e9e441ed63dc9ea7ae4cc4f8fdf

  • SHA256

    0529aed60c59ff282ee8dceda999a1164176ce45e15cd417c1eb61856fd0d216

  • SHA512

    0028a2ad1797e19e66bc5d0e397467a60159f926cf8e9c4e67dbe4db37ed921252ea0a50fc5bc647d240d808165957a2f637128363e31c56565f3a870df42d0c

  • SSDEEP

    1536:EHfetdklPp+07gDSrB8Xru2zGeJxgawTzpXzrDJrXim:IeklMMYJhqezw/pXzH9im

Score
10/10

Malware Config

Targets

    • Target

      0529aed60c59ff282ee8dceda999a1164176ce45e15cd417c1eb61856fd0d216

    • Size

      66KB

    • MD5

      353e9f24b1635b06e82a705e6921c601

    • SHA1

      58e80e902d753e9e441ed63dc9ea7ae4cc4f8fdf

    • SHA256

      0529aed60c59ff282ee8dceda999a1164176ce45e15cd417c1eb61856fd0d216

    • SHA512

      0028a2ad1797e19e66bc5d0e397467a60159f926cf8e9c4e67dbe4db37ed921252ea0a50fc5bc647d240d808165957a2f637128363e31c56565f3a870df42d0c

    • SSDEEP

      1536:EHfetdklPp+07gDSrB8Xru2zGeJxgawTzpXzrDJrXim:IeklMMYJhqezw/pXzH9im

    Score
    10/10

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Each entry lists the tactic, the technique or sub-technique with its ATT&CK ID, and the number of matching signatures.

Persistence

  • Boot or Logon Autostart Execution (T1547): 3

    • Registry Run Keys / Startup Folder (T1547.001): 2

    • Winlogon Helper DLL (T1547.004): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 3

    • Registry Run Keys / Startup Folder (T1547.001): 2

    • Winlogon Helper DLL (T1547.004): 1

Defense Evasion

  • Modify Registry (T1112): 4

  • Hide Artifacts (T1564): 1

    • Hidden Files and Directories (T1564.001): 1

Discovery

  • System Information Discovery (T1082): 1

Tasks