General
-
Target
RedTiger.exe
-
Size
353KB
-
Sample
240712-x1wbrsygkd
-
MD5
381bc7a2d8602a2ba0acb4d4dd5fb590
-
SHA1
59ed84e67909d4932e7d5b967148c79a366cf3a4
-
SHA256
336a8e2e17cc7b9ec5149e1f2c0bf4889ee7b3b4b43f8fa8eb250d423420e6d3
-
SHA512
fa2859df2afd56892e4c1cb93bb2e76f362b1f6bb7da0513e778c8577c68dbe5a918f71a296a642b6f7f9959d7e54e0654f392d68fab3ff3a1372d76137b2ee0
-
SSDEEP
3072:XcuytJ2npDaxVJCoPe5AlyGhZhNeN3w/jhlhE1Z8Nig9Sa8prNs90X1/sOlakNfz:GuKCOhve6VlWT8b9Spprr10OlLwbk2
Malware Config
Targets
-
-
Target
RedTiger.exe
-
Size
353KB
-
MD5
381bc7a2d8602a2ba0acb4d4dd5fb590
-
SHA1
59ed84e67909d4932e7d5b967148c79a366cf3a4
-
SHA256
336a8e2e17cc7b9ec5149e1f2c0bf4889ee7b3b4b43f8fa8eb250d423420e6d3
-
SHA512
fa2859df2afd56892e4c1cb93bb2e76f362b1f6bb7da0513e778c8577c68dbe5a918f71a296a642b6f7f9959d7e54e0654f392d68fab3ff3a1372d76137b2ee0
-
SSDEEP
3072:XcuytJ2npDaxVJCoPe5AlyGhZhNeN3w/jhlhE1Z8Nig9Sa8prNs90X1/sOlakNfz:GuKCOhve6VlWT8b9Spprr10OlLwbk2
Score10/10-
Modifies WinLogon for persistence
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
1AppInit DLLs
1Scheduled Task/Job
1Scheduled Task
1