General
Target: sample
Size: 19KB
Sample: 240818-z9gabaybll
MD5: 12e4aba6187f90725ff352c162c7f70c
SHA1: 044ce13941760b38c5b2562858fb67735afb8c6c
SHA256: fe43b43626730d6a9f1f8a88ca374873c45aea162bcb03aa75bcbec9ac59546c
SHA512: 05fb713dea06249ce3f80b349f9aca3e46b2ccab5accbeb077d12fd3baf60b95eb17f532423990d916a001ca5e5a56c307b2ac6e41b3132e70f2ec3dfcc536ce
SSDEEP: 384:s86spa1ocy4/4lbGa5MvhpNvl9ub1S2m0Y3Y06Ib3Vfy1xCejiw:U1ocy4AEaOJpNt9Y3Y3Y06O3lExPiw
Static task: static1
Behavioral task: behavioral1
Sample: sample.html
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: sample.html
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: sample
Score: 10/10
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Loads dropped DLL
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Winlogon Helper DLL (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (4)