General

  • Target

    ebd79f5e8d9fc747f5d17972a81009e327610aa5af33f0b2f0c428ae864793c0

  • Size

    159KB

  • Sample

    240614-gcg68sxapg

  • MD5

    57d9e65deb45e6cdd1aa177ad9628785

  • SHA1

    b8a1b46b455a03cb4d4a7eed05a425f91153e257

  • SHA256

    ebd79f5e8d9fc747f5d17972a81009e327610aa5af33f0b2f0c428ae864793c0

  • SHA512

    1b397892f054381f7fd4581d6ad1e6a88c5a919e4b53de93ba8fbf557651fc32c8b2f7847e4c7ca1f22a6722c310a76db73508f88835748010a932f731c9c2b6

  • SSDEEP

    3072:g/5F/E7tEf0E+p+tYlpJH7iXQNgggHlxDZiYLK5WpYq:ghF4c5+wWJH7igNgjdFKsB

Score
10/10

Malware Config

Targets

    Score
    10/10

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Detects executables built or packed with MPress PE compressor

    • Disables RegEdit via registry modification

    • Disables use of System Restore points

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
