General
-
Target
b8316efb3851b4ae4759e441fde7874f3b05b818c601dfe10eccd87832fb664d
-
Size
70KB
-
Sample
240920-k5llxayeqh
-
MD5
ce490d8ee9b7dac1d21d73008451f0c8
-
SHA1
31e0038c763d71645fd0d87d9845f9d111f67be4
-
SHA256
b8316efb3851b4ae4759e441fde7874f3b05b818c601dfe10eccd87832fb664d
-
SHA512
439d928b4538d9285673055abf2657ebdb28106403e9ec9b181fe7da2911e67d1c58d3f262a242d83eff7d0c4d388902cc83a695199493b82d2af97ef6052b6a
-
SSDEEP
768:x/neHUjXYmP4hoZJPYzWmueBFiO2zs03x48cttDZvxMWxRU0TsMkNVMbmUftC:xWHoXfP4+jCvueCpWtON0Te3
Malware Config
Targets
-
-
Target
b8316efb3851b4ae4759e441fde7874f3b05b818c601dfe10eccd87832fb664d
-
Size
70KB
-
MD5
ce490d8ee9b7dac1d21d73008451f0c8
-
SHA1
31e0038c763d71645fd0d87d9845f9d111f67be4
-
SHA256
b8316efb3851b4ae4759e441fde7874f3b05b818c601dfe10eccd87832fb664d
-
SHA512
439d928b4538d9285673055abf2657ebdb28106403e9ec9b181fe7da2911e67d1c58d3f262a242d83eff7d0c4d388902cc83a695199493b82d2af97ef6052b6a
-
SSDEEP
768:x/neHUjXYmP4hoZJPYzWmueBFiO2zs03x48cttDZvxMWxRU0TsMkNVMbmUftC:xWHoXfP4+jCvueCpWtON0Te3
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1