General

Target: cb166080bccfc128252ac9693620d73826370f2f8ab0b904f950dcb4cd6ebedb
Size: 211KB
Sample: 240703-de4lgatfra
MD5: f9d7b1397099a1abd0aa246bea66d825
SHA1: d29efe421dd5a0a54a2f844c926dd1992f384c7f
SHA256: cb166080bccfc128252ac9693620d73826370f2f8ab0b904f950dcb4cd6ebedb
SHA512: cca9ef97c1d26aa661ca27d9a910dd990e7391f1ea1f9a595e30d83608539f4e8d00f3c6aca2decd8b10b6eb9941fe75961d7c783b9f814658101b5a39dfde50
SSDEEP: 3072:vDEPeJlYW1ea8HKHSRUN3jjXs9Y+MiMVB/w68PEAjAfIrAvGPZz6sPJBIiFe/GcP:vSAl1IK1aY+MiMVBSeh
Static task: static1

Behavioral task: behavioral1
  Sample: cb166080bccfc128252ac9693620d73826370f2f8ab0b904f950dcb4cd6ebedb.exe
  Resource: win7-20240611-en

Behavioral task: behavioral2
  Sample: cb166080bccfc128252ac9693620d73826370f2f8ab0b904f950dcb4cd6ebedb.exe
  Resource: win10v2004-20240508-en
Malware Config

Targets
Target: cb166080bccfc128252ac9693620d73826370f2f8ab0b904f950dcb4cd6ebedb
Size: 211KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values in the General section above)
Score: 10/10
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (T1547): 3
    Active Setup (T1547.014): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
    Winlogon Helper DLL (T1547.004): 1

Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 3
    Active Setup (T1547.014): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
    Winlogon Helper DLL (T1547.004): 1