General
-
Target
732fa069d9ae8e5ba467a4ba9333ae6aca3369c666001a5c6277a7913a605165
-
Size
21KB
-
Sample
240725-221p4a1bnl
-
MD5
71343e5d0d69cad16b43712349b0b13f
-
SHA1
ffec4e94e11b9dab1b500c983dbbf303a919d6c2
-
SHA256
732fa069d9ae8e5ba467a4ba9333ae6aca3369c666001a5c6277a7913a605165
-
SHA512
8dfd94ec4862a9749f873736edf1e00834b186d73f21c32df81133d156809e82145f843b08ec5517a28406683cac1ba8c468b0bc92b0d14727637b1db9f5b1f9
-
SSDEEP
384:UBWoC5GDr6wc/w3HgM6vDUTAXBGCVf4WVlFvXfd37qXf+:rRkiLw3HsDSARGG/1+f+
Malware Config
Targets
-
-
Target
732fa069d9ae8e5ba467a4ba9333ae6aca3369c666001a5c6277a7913a605165
-
Size
21KB
-
MD5
71343e5d0d69cad16b43712349b0b13f
-
SHA1
ffec4e94e11b9dab1b500c983dbbf303a919d6c2
-
SHA256
732fa069d9ae8e5ba467a4ba9333ae6aca3369c666001a5c6277a7913a605165
-
SHA512
8dfd94ec4862a9749f873736edf1e00834b186d73f21c32df81133d156809e82145f843b08ec5517a28406683cac1ba8c468b0bc92b0d14727637b1db9f5b1f9
-
SSDEEP
384:UBWoC5GDr6wc/w3HgM6vDUTAXBGCVf4WVlFvXfd37qXf+:rRkiLw3HsDSARGG/1+f+
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops file in Drivers directory
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1