General
-
Target
Virus.Sysbot.ATA_virussign.com_bef0e497c009b94458441a8bcd24af8a.exe
-
Size
67KB
-
Sample
240907-prg4savgre
-
MD5
bef0e497c009b94458441a8bcd24af8a
-
SHA1
90e378086d2b808052741c8f4843d4e5c29bc4dc
-
SHA256
3dba17277577ca708ce4df9eb02fedf35798fec80f9740fcbf53a1302b61ce89
-
SHA512
6d13a3137f4171c6124d9a3e8fbf2db88ba2fa531a86c69b802f68cbca9f34450ec31f6804f0cb4988ae4f43aa50f7efba77e820866a4f9827d3ceb01c2a1984
-
SSDEEP
1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1+awJj:ulg35GTslA5t3GawJj
Malware Config
Targets
-
-
Target
Virus.Sysbot.ATA_virussign.com_bef0e497c009b94458441a8bcd24af8a.exe
-
Size
67KB
-
MD5
bef0e497c009b94458441a8bcd24af8a
-
SHA1
90e378086d2b808052741c8f4843d4e5c29bc4dc
-
SHA256
3dba17277577ca708ce4df9eb02fedf35798fec80f9740fcbf53a1302b61ce89
-
SHA512
6d13a3137f4171c6124d9a3e8fbf2db88ba2fa531a86c69b802f68cbca9f34450ec31f6804f0cb4988ae4f43aa50f7efba77e820866a4f9827d3ceb01c2a1984
-
SSDEEP
1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1+awJj:ulg35GTslA5t3GawJj
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1