General
-
Target
df0f99f0f60ec55cbdaf3748a5ece4afcd2ab0e5e205b99154330507ee1e3094
-
Size
51KB
-
Sample
240803-ematsssfnp
-
MD5
65b6ebacae735daf8b17e2cabd55ce76
-
SHA1
04eb6a3a5428b23eb1827f31f0d05459dd19db83
-
SHA256
df0f99f0f60ec55cbdaf3748a5ece4afcd2ab0e5e205b99154330507ee1e3094
-
SHA512
ef7529d840cf820f93aee0c1ee26a66efa104792c7f8cfb415fac4c64241f132861a462ef0c3b33c8ece4ab1fafc01e040aa751dedb4cf22bf28b397fb39a825
-
SSDEEP
768:nNAGAkIo/juokwoL7627d9rIiClJAxiFkJT22euOiya6lHOYxY0x0KS3UdfdfdfZ:nNJb/HkwoLe29UjQ4wqQOLIMVnS3o
Malware Config
Targets
-
-
Target
df0f99f0f60ec55cbdaf3748a5ece4afcd2ab0e5e205b99154330507ee1e3094
-
Size
51KB
-
MD5
65b6ebacae735daf8b17e2cabd55ce76
-
SHA1
04eb6a3a5428b23eb1827f31f0d05459dd19db83
-
SHA256
df0f99f0f60ec55cbdaf3748a5ece4afcd2ab0e5e205b99154330507ee1e3094
-
SHA512
ef7529d840cf820f93aee0c1ee26a66efa104792c7f8cfb415fac4c64241f132861a462ef0c3b33c8ece4ab1fafc01e040aa751dedb4cf22bf28b397fb39a825
-
SSDEEP
768:nNAGAkIo/juokwoL7627d9rIiClJAxiFkJT22euOiya6lHOYxY0x0KS3UdfdfdfZ:nNJb/HkwoLe29UjQ4wqQOLIMVnS3o
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
4