General
-
Target
RivalsExternal.exe
-
Size
509KB
-
Sample
240919-fh6lcasbpl
-
MD5
7b2f0c8112aa9498c864fccd3a5258d5
-
SHA1
8b44fccfdf873a69fe3f51cba9b9a7b00f77b4c0
-
SHA256
ce75fa27bc67730f94d5503ded4ec7c22c1a72add103cea29ccdc7dc3361f8e8
-
SHA512
5711eb921e865232da2fe242e5ffac42aabb3cbbc6ee6b1799818a7a6bf38b33ff0454bbc63c6eac53bc23826c36ab32a388bf65ca77cf3f6bf4aa7e6d5ed869
-
SSDEEP
6144:mx22P7Ue3e1fe6VlWT8b9t6+Sb4+t5zWov8blZ7FbNo:mA2TvkfPVle8n6+IvsjNo
Malware Config
Targets
-
-
Target
RivalsExternal.exe
-
Size
509KB
-
MD5
7b2f0c8112aa9498c864fccd3a5258d5
-
SHA1
8b44fccfdf873a69fe3f51cba9b9a7b00f77b4c0
-
SHA256
ce75fa27bc67730f94d5503ded4ec7c22c1a72add103cea29ccdc7dc3361f8e8
-
SHA512
5711eb921e865232da2fe242e5ffac42aabb3cbbc6ee6b1799818a7a6bf38b33ff0454bbc63c6eac53bc23826c36ab32a388bf65ca77cf3f6bf4aa7e6d5ed869
-
SSDEEP
6144:mx22P7Ue3e1fe6VlWT8b9t6+Sb4+t5zWov8blZ7FbNo:mA2TvkfPVle8n6+IvsjNo
Score10/10-
Modifies WinLogon for persistence
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
1AppInit DLLs
1Scheduled Task/Job
1Scheduled Task
1