General
Target: 500509e004968bed9230b2edd6ae7a40N.exe
Size: 206KB
Sample: 240825-bsg9aa1blh
MD5: 500509e004968bed9230b2edd6ae7a40
SHA1: b03e92ae2cf925ba8585d04b391abc3efd624e30
SHA256: dba5683a94873c759c8a4318add4bdf23452cc9941033580a3d093e385ba8a15
SHA512: ab4541f82a2007e2db5fd4caf1dab6dc671940761b21c1fab3a4a9f48ce7a995ce86db709971e56775ab519097ed97e510139e621c18db05abd64d5c4e721798
SSDEEP: 3072:MvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6un59:MvEN2U+T6i5LirrllHy4HUcMQY6O
Static task: static1
Behavioral task: behavioral1
  Sample: 500509e004968bed9230b2edd6ae7a40N.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 500509e004968bed9230b2edd6ae7a40N.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: 500509e004968bed9230b2edd6ae7a40N.exe
Score: 10/10
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Defense Evasion
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Modify Registry (4)