General
-
Target
8cfac7be017f4c29333dd10bee7e4dce80a4c82734125ef6de4baedf65db70ad
-
Size
57KB
-
Sample
240805-3y6bvasfnp
-
MD5
ea4d08376149f136799d8692c4d08bd8
-
SHA1
2da2228086e3dc0322d4a8388b2af86ab01f9025
-
SHA256
8cfac7be017f4c29333dd10bee7e4dce80a4c82734125ef6de4baedf65db70ad
-
SHA512
53b1b77a89d8d4ddd005823e21d1aa7a5e209130f529dedbc17705b4e97b1f246e7f59cb8ae41625917112e0c3e08d19b80f3294bbd4334ab52e810cda75def3
-
SSDEEP
768:Nh5sxVPFXfgaDjof4ZgHqLNhldu8pGTUTY26TsGrn5wFbUzMsPzB5aXwekfp:NHsxFJfgaDjofVKn1pGwTJOlw1Urmwl
Malware Config
Targets
-
-
Target
8cfac7be017f4c29333dd10bee7e4dce80a4c82734125ef6de4baedf65db70ad
-
Size
57KB
-
MD5
ea4d08376149f136799d8692c4d08bd8
-
SHA1
2da2228086e3dc0322d4a8388b2af86ab01f9025
-
SHA256
8cfac7be017f4c29333dd10bee7e4dce80a4c82734125ef6de4baedf65db70ad
-
SHA512
53b1b77a89d8d4ddd005823e21d1aa7a5e209130f529dedbc17705b4e97b1f246e7f59cb8ae41625917112e0c3e08d19b80f3294bbd4334ab52e810cda75def3
-
SSDEEP
768:Nh5sxVPFXfgaDjof4ZgHqLNhldu8pGTUTY26TsGrn5wFbUzMsPzB5aXwekfp:NHsxFJfgaDjofVKn1pGwTJOlw1Urmwl
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables cmd.exe use via registry modification
-
Disables use of System Restore points
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies WinLogon
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
1Winlogon Helper DLL
2Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
1Winlogon Helper DLL
2Event Triggered Execution
1Change Default File Association
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
9