General
Target: 58b02d0eb1e58564c274e82b3aedcad163dbfbbdd25c8ddd8155d15053773e1bN
Size: 503KB
Sample: 240920-hfc75atbla
MD5: ebe4fd3691956df84f935c1b2f895e30
SHA1: 58c7cbf3ff51c18c7f9adb334e16f50bf1d0033f
SHA256: 58b02d0eb1e58564c274e82b3aedcad163dbfbbdd25c8ddd8155d15053773e1b
SHA512: 1031d7e9c6e8c30b08f27b172f195f087e139245ebf7b6d302d8484408b015de8af0bab3fd13958f0f425e75243a5996352cf30f6d4d8ddc128ad5cf1f3ff6da
SSDEEP: 12288:3ENN+T5xYrllrU7QY6CRYiioQzhGTRKhWcFc9f:N5xolYQY6yYjJzhgKhWcFc9f

Static task: static1

Behavioral task: behavioral1
Sample: 58b02d0eb1e58564c274e82b3aedcad163dbfbbdd25c8ddd8155d15053773e1bN.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 58b02d0eb1e58564c274e82b3aedcad163dbfbbdd25c8ddd8155d15053773e1bN.exe
Resource: win10v2004-20240802-en

Malware Config
Targets
Target: 58b02d0eb1e58564c274e82b3aedcad163dbfbbdd25c8ddd8155d15053773e1bN
Score: 10/10

Modifies WinLogon for persistence
Modifies visibility of hidden/system files in Explorer
Boot or Logon Autostart Execution: Active Setup
    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application

MITRE ATT&CK Enterprise v15

Persistence
    Boot or Logon Autostart Execution (3)
        Active Setup (1)
        Registry Run Keys / Startup Folder (1)
        Winlogon Helper DLL (1)

Privilege Escalation
    Boot or Logon Autostart Execution (3)
        Active Setup (1)
        Registry Run Keys / Startup Folder (1)
        Winlogon Helper DLL (1)

Defense Evasion
    Hide Artifacts (1)
        Hidden Files and Directories (1)
    Modify Registry (4)