General
-
Target
Skinchanger.exe
-
Size
503KB
-
Sample
240805-sc1jcstcld
-
MD5
a31499a51d98949c002bf07a1f9430a7
-
SHA1
5af999343e3a9849b2c911732163e7ec1be8d284
-
SHA256
5763f72b8578f7bbf16a4aab0e8aa476815275bf1f85d2266859dd81d7c9b7cf
-
SHA512
10581919f3149a8c1cbeb4114ad42c4e3bfac742148a901ce22e88bcbdafe7c2810f0f20bd60a506ba92856a8023f3f3cf7bd8653566773a49d7ba7822506722
-
SSDEEP
6144:Oe86D4AB4ibqHBxZLWIBe6VlWT8b9IHo54K/Wzr/kbS7o8gtxyY8jg5I8ebSd:J5B8KSPVle8WHf8jvtve
Static task
static1
Behavioral task
behavioral1
Sample
Skinchanger.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
Skinchanger.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Target
Skinchanger.exe
-
Score
10/10
-
Modifies WinLogon for persistence
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)
Event Triggered Execution (1)
AppInit DLLs (1)
Scheduled Task/Job (1)
Scheduled Task (1)