General
-
Target
2044b54d16d95599ec08923f459bcf5d86f8bbd4c1e59f2139634b74e99f00af
-
Size
387KB
-
Sample
240712-yjtx2sxfnl
-
MD5
fd8bdc133c13803d79bcaedc02e17492
-
SHA1
eeb143bcc10f2c470bb84d6e84d74d6b10919a98
-
SHA256
2044b54d16d95599ec08923f459bcf5d86f8bbd4c1e59f2139634b74e99f00af
-
SHA512
42cdef0cfe50093c0fe96def390fbb6a6857e36caee687b1d66f7cc15185d5adb91b0260b7559db3d1872aa7047bcd3417c705f341c55ca56c694bdc1f6397c5
-
SSDEEP
6144:GComZVzuwvWxvr0Fwe6VlWT8b9LKHXwX2jbcn3S8:GComZBuxQGPVle8c6N
Malware Config
Targets
-
-
Target
2044b54d16d95599ec08923f459bcf5d86f8bbd4c1e59f2139634b74e99f00af
-
Size
387KB
-
MD5
fd8bdc133c13803d79bcaedc02e17492
-
SHA1
eeb143bcc10f2c470bb84d6e84d74d6b10919a98
-
SHA256
2044b54d16d95599ec08923f459bcf5d86f8bbd4c1e59f2139634b74e99f00af
-
SHA512
42cdef0cfe50093c0fe96def390fbb6a6857e36caee687b1d66f7cc15185d5adb91b0260b7559db3d1872aa7047bcd3417c705f341c55ca56c694bdc1f6397c5
-
SSDEEP
6144:GComZVzuwvWxvr0Fwe6VlWT8b9LKHXwX2jbcn3S8:GComZBuxQGPVle8c6N
Score10/10-
Modifies WinLogon for persistence
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
1AppInit DLLs
1Scheduled Task/Job
1Scheduled Task
1