General
-
Target
Module.dll
-
Size
1.3MB
-
Sample
240810-hlsvrszcln
-
MD5
157fd035b2a344a94166d7db3756df0e
-
SHA1
f221d28c1deb80b4e8d9201226435aefce6b0f75
-
SHA256
8716c75aff75941711aff8770836f47eb9a254416089ef3571c6fc9a338b3009
-
SHA512
fad0174fbd22f58dd4fcdaad8378c214270b4faeaca64d9cb306f50e9316072a4c417c5723c4123b8bf94a3dba6ef4e3303ec60f4a2cf0c3a54d8ab375ea717d
-
SSDEEP
24576:ZqBSLRktEBl6blwTUMD4zB1VU2bFjYWR0pMQUAqLRAovh4bSAXVVRNRfMXZO:ZqBSLRkt8l6blSU//+2bFfvA1SQVVRNk
Static task
static1
Behavioral task
behavioral1
Sample
Module.dll
Resource
win11-20240802-en
Malware Config
Targets
-
-
Target
Module.dll
-
Size
1.3MB
-
MD5
157fd035b2a344a94166d7db3756df0e
-
SHA1
f221d28c1deb80b4e8d9201226435aefce6b0f75
-
SHA256
8716c75aff75941711aff8770836f47eb9a254416089ef3571c6fc9a338b3009
-
SHA512
fad0174fbd22f58dd4fcdaad8378c214270b4faeaca64d9cb306f50e9316072a4c417c5723c4123b8bf94a3dba6ef4e3303ec60f4a2cf0c3a54d8ab375ea717d
-
SSDEEP
24576:ZqBSLRktEBl6blwTUMD4zB1VU2bFjYWR0pMQUAqLRAovh4bSAXVVRNRfMXZO:ZqBSLRkt8l6blSU//+2bFfvA1SQVVRNk
Score10/10-
Modifies WinLogon for persistence
-
Downloads MZ/PE file
-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
1Winlogon Helper DLL
2Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
1Winlogon Helper DLL
2Defense Evasion
Impair Defenses
1Safe Mode Boot
1Modify Registry
5Subvert Trust Controls
2SIP and Trust Provider Hijacking
2