General
-
Target
bb4f9db78f9b82230d36088724c4bb6704b0493dbc68b2e307dfd01c2b4adff1
-
Size
211KB
-
Sample
240925-bvdzmswhlp
-
MD5
ba7902cf0d57ec967f553183dc88497b
-
SHA1
6a6fcfbf6769c779da98f1af95b0fa4945042274
-
SHA256
bb4f9db78f9b82230d36088724c4bb6704b0493dbc68b2e307dfd01c2b4adff1
-
SHA512
3c74ada3e1e9de1cf148a90f3ae5262c5e48d69205be5f87b4a92eec3abe5e0a708ce3ca3559d71362501dc9eab45c496031a66cb99b2d427e66117ee75f8cc2
-
SSDEEP
3072:JD6Xtx68yygRBE52mxkEOHLRMpZ4deth8PEAjAfIbAYGPhz6sPJBInxZqOM:Jh8cBzHLRMpZ4d1ZM
Malware Config
Targets
-
-
Target
bb4f9db78f9b82230d36088724c4bb6704b0493dbc68b2e307dfd01c2b4adff1
-
Size
211KB
-
MD5
ba7902cf0d57ec967f553183dc88497b
-
SHA1
6a6fcfbf6769c779da98f1af95b0fa4945042274
-
SHA256
bb4f9db78f9b82230d36088724c4bb6704b0493dbc68b2e307dfd01c2b4adff1
-
SHA512
3c74ada3e1e9de1cf148a90f3ae5262c5e48d69205be5f87b4a92eec3abe5e0a708ce3ca3559d71362501dc9eab45c496031a66cb99b2d427e66117ee75f8cc2
-
SSDEEP
3072:JD6Xtx68yygRBE52mxkEOHLRMpZ4deth8PEAjAfIbAYGPhz6sPJBInxZqOM:Jh8cBzHLRMpZ4d1ZM
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
4