General
Target: ae5c5097584f225b2eec3981d0b35114971dbd53d93b6493e46718317e5239caN
Size: 44KB
Sample: 240928-gchsrszbpn
MD5: a1acff31f5836eeb36e73fc1d8f0e810
SHA1: 76010c230c6ef58e0ef6291666ef98d0583a6cba
SHA256: ae5c5097584f225b2eec3981d0b35114971dbd53d93b6493e46718317e5239ca
SHA512: f1dfff663dab92b1d2e761d1cb21da2f6042e3ec18c445f572efb590ab31639b4ed1aa19c066b1fd89d19c7a02444b33f347c9357020d338b5bbc146ffafffe3
SSDEEP: 768:WAUJmQCcmLCXQq6fsKiJYsIkjJVzqsVG5kuGVAQvavWPG7:RUNHFKQbIkHvGkAjt7
Static task: static1
Behavioral task: behavioral1
Sample: ae5c5097584f225b2eec3981d0b35114971dbd53d93b6493e46718317e5239caN.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: ae5c5097584f225b2eec3981d0b35114971dbd53d93b6493e46718317e5239caN.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: ae5c5097584f225b2eec3981d0b35114971dbd53d93b6493e46718317e5239caN
Score: 10/10
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Drops file in Drivers directory
Event Triggered Execution: Image File Execution Options Injection
Executes dropped EXE
Loads dropped DLL
Modifies WinLogon
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Active Setup (1)
Winlogon Helper DLL (1)
Event Triggered Execution (1)
Image File Execution Options Injection (1)
Privilege Escalation
Boot or Logon Autostart Execution (2)
Active Setup (1)
Winlogon Helper DLL (1)
Event Triggered Execution (1)
Image File Execution Options Injection (1)