General
Target: 25f09e7a45466953a34615a5fbc6312b39a5222eb8d6bb95e89f57bc2334bd1e
Size: 624KB
Sample: 240801-1crkfs1dnc
MD5: 14b4c5168cc9eb39e0cbe83c7a87e37f
SHA1: dcf9a453797efbe11f2dfc847270e3494142c456
SHA256: 25f09e7a45466953a34615a5fbc6312b39a5222eb8d6bb95e89f57bc2334bd1e
SHA512: 7d539543947c50ac97a8988fc36fc196fed878755bf25204ac70571e491a5ce29ed8e1ec45e6d53e4251ef3d4102339d4bece8199b66ea1d6eb06bb7a7427bf5
SSDEEP: 12288:50b7bqwCyGXBCPVle82FvkiEEiNlJJJQN0Q:yvbqty+BTiW0Q
Static task: static1
Behavioral task: behavioral1
Sample: 25f09e7a45466953a34615a5fbc6312b39a5222eb8d6bb95e89f57bc2334bd1e.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 25f09e7a45466953a34615a5fbc6312b39a5222eb8d6bb95e89f57bc2334bd1e.exe
Resource: win10v2004-20240730-en
Malware Config
Targets
Target: 25f09e7a45466953a34615a5fbc6312b39a5222eb8d6bb95e89f57bc2334bd1e
Score: 10/10
Modifies WinLogon for persistence
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 2
Registry Run Keys / Startup Folder: 1
Winlogon Helper DLL: 1
Event Triggered Execution: 1
AppInit DLLs: 1
Scheduled Task/Job: 1
Scheduled Task: 1