General
-
Target
account_convert_icon_136995.ico
-
Size
66KB
-
Sample
240920-rfmk8szgmf
-
MD5
1836b6b594dc60611a302d99fe4d6f7d
-
SHA1
0a5b0ae5d3608ca46217d59f4d5f0bae18b28cd0
-
SHA256
c987ef43cf5423d65f71ac48cae736bfa419d194da02487178e618e922be995f
-
SHA512
c4232cd1444a7cd228e13a63413a095201f8001ae5809e39ab6e68862a5d553c555c8cf3fbae3a7615a28c87eaa906524a71fe5ceca76f8b4690dabbd8841703
-
SSDEEP
192:PE7JdVvSiWqvlOGoovynE4gnl4QK6RdqiK1gjN:PE7JdlSiWqdQovynE4glQ6GsN
Static task
static1
Behavioral task
behavioral1
Sample
account_convert_icon_136995.ico
Resource
win10v2004-20240802-en
Behavioral task
behavioral2
Sample
account_convert_icon_136995.ico
Resource
win11-20240802-en
Malware Config
Targets
Target
account_convert_icon_136995.ico
-
Score
10/10
-
Modifies WinLogon for persistence
-
Disables RegEdit via registry modification
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism 1
Bypass User Account Control 1
Boot or Logon Autostart Execution 1
Winlogon Helper DLL 1
Defense Evasion
Abuse Elevation Control Mechanism 1
Bypass User Account Control 1
Impair Defenses 1
Disable or Modify Tools 1
Modify Registry 3