General
-
Target
73e1903441491c59a4e3b920d94228c0N.exe
-
Size
48KB
-
Sample
240825-rapteazbkj
-
MD5
73e1903441491c59a4e3b920d94228c0
-
SHA1
e05c722dd75bc807d411e29675faa347d4603c3a
-
SHA256
db9e05516bd71e19aee3a7b60a556a9ed53a2e45f26c3f48e88aaa9288215cdc
-
SHA512
d076794d424f3dfcd774935d85e9dfc1246e08226258400d2af0904c14aca36c628f84238bd71197050e561d289059d6867afd47e1756672483570f6158cc7fa
-
SSDEEP
768:jIU3pKDiX7BvFOWTkaynH+ER06JryAGUgqC8SUxnF3Os0:jf7FFHQ/H+GcR8xnF390
Malware Config
Targets
-
-
Target
73e1903441491c59a4e3b920d94228c0N.exe
-
Size
48KB
-
MD5
73e1903441491c59a4e3b920d94228c0
-
SHA1
e05c722dd75bc807d411e29675faa347d4603c3a
-
SHA256
db9e05516bd71e19aee3a7b60a556a9ed53a2e45f26c3f48e88aaa9288215cdc
-
SHA512
d076794d424f3dfcd774935d85e9dfc1246e08226258400d2af0904c14aca36c628f84238bd71197050e561d289059d6867afd47e1756672483570f6158cc7fa
-
SSDEEP
768:jIU3pKDiX7BvFOWTkaynH+ER06JryAGUgqC8SUxnF3Os0:jf7FFHQ/H+GcR8xnF390
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops file in Drivers directory
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1