General
Target: Funk.exe
Size: 1.2MB
Sample: 240628-p8qggstdpn
MD5: 16ae310b82d8c97b1109ef8441e7804c
SHA1: 28575cb85757148503be1ba66020d410ea4a637e
SHA256: ff086d3b8ae0fa36ab7eeb8403d2c3679c11679a9daa77b742bc04dd623a7593
SHA512: 0c7a354e853e75b50ad216df39db969c1b79fadd5e5c467fe23ff03ed69831d28405141827df47a301987ad2129cd00a6482ee2b00982579ae7ba7b6608538c8
SSDEEP: 24576:053uhFzvId2DW/xbqX2YIbzQsu3/PNLIQFHyBvGThpZYM:05+hFQ2EmXGQsW/PN0QNlZn
Static task: static1
Behavioral task: behavioral1
Sample: Funk.exe
Resource: win11-20240508-en
Malware Config
Targets
Target: Funk.exe
Score: 10/10
Modifies security service
Event Triggered Execution: Image File Execution Options Injection
Sets service image path in registry
Executes dropped EXE
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
  Windows Service (1)
Event Triggered Execution (1)
  Image File Execution Options Injection (1)