General

  • Target

    9ff5d37a9062f664e46efe684f2880f82652519feb6038a23a4f71f19babe66c

  • Size

    21KB

  • Sample

    240901-a46wcaveqn

  • MD5

    f290d6c9882589cd222714de451c2b73

  • SHA1

    3c33384ba28b2c694c54cc48d683a1727e473b2b

  • SHA256

    9ff5d37a9062f664e46efe684f2880f82652519feb6038a23a4f71f19babe66c

  • SHA512

    d7f8d84cf4a07fa668a8f01927ec53343949070598da26261e90ab604004f093f88029abea785534fe6d5ed26cd241785c0912b8a36906c7e5588458c6a9f2eb

  • SSDEEP

    384:UBWoC5GDr6wc/w3HgM6vDUTAXBGCVf4WVlFvXe+dEsu:rRkiLw3HsDSARGG/O+2R

Malware Config

Targets

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Windows security modification

    • Indicator Removal: Clear Persistence

      Removes an Image File Execution Options (IFEO) entry.

    • Modifies WinLogon

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks