General
-
Target
e0a310faf96da27aa92067a5db7de09af060800a4087b101e1ed51ee00f9f5df
-
Size
67KB
-
Sample
240726-e91czazepg
-
MD5
ccc2f9ce1b0d23dd59d4e63f5e305880
-
SHA1
c6db1c5ace09f5423cdb6f7e267d529d50fab419
-
SHA256
e0a310faf96da27aa92067a5db7de09af060800a4087b101e1ed51ee00f9f5df
-
SHA512
0bff4d2ba3d942e97bab26ab80d8d841edec793e94881f4f15733cec01243ec057ad63b941568a233b291074dc4cedf9e1a00e74fe569c34aade11366e83ef92
-
SSDEEP
1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1+aw+U:ulg35GTslA5t3Gaw+U
Malware Config
Targets
-
-
Target
e0a310faf96da27aa92067a5db7de09af060800a4087b101e1ed51ee00f9f5df
-
Size
67KB
-
MD5
ccc2f9ce1b0d23dd59d4e63f5e305880
-
SHA1
c6db1c5ace09f5423cdb6f7e267d529d50fab419
-
SHA256
e0a310faf96da27aa92067a5db7de09af060800a4087b101e1ed51ee00f9f5df
-
SHA512
0bff4d2ba3d942e97bab26ab80d8d841edec793e94881f4f15733cec01243ec057ad63b941568a233b291074dc4cedf9e1a00e74fe569c34aade11366e83ef92
-
SSDEEP
1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1+aw+U:ulg35GTslA5t3Gaw+U
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1