General
-
Target
Worm.Win32.Ludbaruma.pz-806ff5a4291ace6371cfa09d584567b7d652d7b28c167a5ab9c4115e9aa4e1f7N
-
Size
91KB
-
Sample
240920-ljyvsazcmc
-
MD5
873ef5c05d08ea689a7089b2587d2330
-
SHA1
9aba971d627abf02ea1e0b00600912eb0f8626a5
-
SHA256
806ff5a4291ace6371cfa09d584567b7d652d7b28c167a5ab9c4115e9aa4e1f7
-
SHA512
f92df22b69780ace53fbe815b066b3dbaabe56b4f697375c6627be513ef6799f05eeb70ced00bde6c05836bd8dfb467044889af33cd37d2abf699d3aecba9b15
-
SSDEEP
1536:FAwEmBGz1lNNqDaG0PoxhlzmnAwEmBGz1lNNqDaG0Poxhlzm/:FGmUXNQDaG0A8nGmUXNQDaG0A8/
Malware Config
Targets
-
-
Target
Worm.Win32.Ludbaruma.pz-806ff5a4291ace6371cfa09d584567b7d652d7b28c167a5ab9c4115e9aa4e1f7N
-
Size
91KB
-
MD5
873ef5c05d08ea689a7089b2587d2330
-
SHA1
9aba971d627abf02ea1e0b00600912eb0f8626a5
-
SHA256
806ff5a4291ace6371cfa09d584567b7d652d7b28c167a5ab9c4115e9aa4e1f7
-
SHA512
f92df22b69780ace53fbe815b066b3dbaabe56b4f697375c6627be513ef6799f05eeb70ced00bde6c05836bd8dfb467044889af33cd37d2abf699d3aecba9b15
-
SSDEEP
1536:FAwEmBGz1lNNqDaG0PoxhlzmnAwEmBGz1lNNqDaG0Poxhlzm/:FGmUXNQDaG0A8nGmUXNQDaG0A8/
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
Disables RegEdit via registry modification
-
Disables use of System Restore points
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
1Change Default File Association
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
6