General
-
Target
6babcd8c912825f47991428299662b90N.exe
-
Size
68KB
-
Sample
240821-e4s2pstekl
-
MD5
6babcd8c912825f47991428299662b90
-
SHA1
a3c0183e6b2fa73e75302a33f2f38cb265b77916
-
SHA256
c4409ef9b01dfbdc636543aa7ae9593b4a9a746b8a93aa89869a9579bd3be3b6
-
SHA512
819d98b1cc4db9dd3af847df792c0a90025fdafb0a956e04deb5b7f076180d227b86d803bb2e9e1a1cff409f424dd5a2c992f884b5d7dfc3eea6f7c7eb04b90c
-
SSDEEP
1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8N:Olg35GTslA5t3/w8N
Malware Config
Targets
-
-
Target
6babcd8c912825f47991428299662b90N.exe
-
Size
68KB
-
MD5
6babcd8c912825f47991428299662b90
-
SHA1
a3c0183e6b2fa73e75302a33f2f38cb265b77916
-
SHA256
c4409ef9b01dfbdc636543aa7ae9593b4a9a746b8a93aa89869a9579bd3be3b6
-
SHA512
819d98b1cc4db9dd3af847df792c0a90025fdafb0a956e04deb5b7f076180d227b86d803bb2e9e1a1cff409f424dd5a2c992f884b5d7dfc3eea6f7c7eb04b90c
-
SSDEEP
1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8N:Olg35GTslA5t3/w8N
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1