General
-
Target
034e4bab6ab3be79e291f21c884ebe162b2fcd2747ec0c00e30e1c0ea4ba70e1
-
Size
70KB
-
Sample
240908-wq26wszcpl
-
MD5
e5eb7a28de47cc97a9f8a729f6101b39
-
SHA1
b2bb5d627fec1e52f10f13ef05d0c3d7e80704c9
-
SHA256
034e4bab6ab3be79e291f21c884ebe162b2fcd2747ec0c00e30e1c0ea4ba70e1
-
SHA512
cf4084e650cde5c179164044b9c677cb63f0381446342402f7130ee0ba034d252d6525ddc4f10d9bb78fd9ad572d82d258046d522d3369b2dc8b0af4dd83dd2b
-
SSDEEP
1536:x0PMkmQgitNDBThJz0J+TdrIreROg/pP0F3UgOkFDWI5wz:XkmQ9tNdThJIJ+ea8WpwUgOyDC
Malware Config
Targets
-
-
Target
034e4bab6ab3be79e291f21c884ebe162b2fcd2747ec0c00e30e1c0ea4ba70e1
-
Size
70KB
-
MD5
e5eb7a28de47cc97a9f8a729f6101b39
-
SHA1
b2bb5d627fec1e52f10f13ef05d0c3d7e80704c9
-
SHA256
034e4bab6ab3be79e291f21c884ebe162b2fcd2747ec0c00e30e1c0ea4ba70e1
-
SHA512
cf4084e650cde5c179164044b9c677cb63f0381446342402f7130ee0ba034d252d6525ddc4f10d9bb78fd9ad572d82d258046d522d3369b2dc8b0af4dd83dd2b
-
SSDEEP
1536:x0PMkmQgitNDBThJz0J+TdrIreROg/pP0F3UgOkFDWI5wz:XkmQ9tNdThJIJ+ea8WpwUgOyDC
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1