General
Target: de4bf050551c8b0e112125383f13f9751f6738a899d666be333aa926bddcc4e4N
Size: 211KB
Sample: 240920-3b1g3stenf
MD5: faf69e2c0040a8b0f62b8d1a7915b6c0
SHA1: 9d54a8c0d6ccb3a008a970127015938e87fe1499
SHA256: de4bf050551c8b0e112125383f13f9751f6738a899d666be333aa926bddcc4e4
SHA512: ea58dbcc31b8944339bf7bb1f0cda2c0a0d64475f446dc23b82a05072c27c10ed5990f47e34e807094d676254f394b034201bc77aea9ed0ddff4fb9ad417d72e
SSDEEP: 3072:WD6Xtx68yygRBE52mxkEOHLRMpZ4deth8PEAjAfIbAYGPhz6sPJBInxZqOR:Wh8cBzHLRMpZ4d1ZR
Static task: static1
Behavioral task: behavioral1
  Sample: de4bf050551c8b0e112125383f13f9751f6738a899d666be333aa926bddcc4e4N.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: de4bf050551c8b0e112125383f13f9751f6738a899d666be333aa926bddcc4e4N.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: de4bf050551c8b0e112125383f13f9751f6738a899d666be333aa926bddcc4e4N
Size: 211KB
Score: 10/10
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Defense Evasion
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Modify Registry (4)