General
-
Target
ca0f505b0010a26226f9b1f47ef48fe0688b163d13aea8da095b746c3c989a55
-
Size
206KB
-
Sample
240812-cqwvbsvepa
-
MD5
7cc69dce9b289f96d0d1bf3009f405c5
-
SHA1
872f976fd2af8b4e95532d9c6f8b8a0242cc2f05
-
SHA256
ca0f505b0010a26226f9b1f47ef48fe0688b163d13aea8da095b746c3c989a55
-
SHA512
163a48c2224f72fe9d62411f4b4b0dbdb2c0b360bc6aa44d92c9aab14bf0ba288ae1eb60814d8dac4feeec2214b30687d1e3e683e442b93360c124de909d9625
-
SSDEEP
3072:zvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6un+:zvEN2U+T6i5LirrllHy4HUcMQY6X
Malware Config
Targets
-
-
Target
ca0f505b0010a26226f9b1f47ef48fe0688b163d13aea8da095b746c3c989a55
-
Size
206KB
-
MD5
7cc69dce9b289f96d0d1bf3009f405c5
-
SHA1
872f976fd2af8b4e95532d9c6f8b8a0242cc2f05
-
SHA256
ca0f505b0010a26226f9b1f47ef48fe0688b163d13aea8da095b746c3c989a55
-
SHA512
163a48c2224f72fe9d62411f4b4b0dbdb2c0b360bc6aa44d92c9aab14bf0ba288ae1eb60814d8dac4feeec2214b30687d1e3e683e442b93360c124de909d9625
-
SSDEEP
3072:zvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6un+:zvEN2U+T6i5LirrllHy4HUcMQY6X
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
4