General
-
Target
86d36e704668c30f40596bb4a838f748988bed8189c702c383e48c529e7501c3N
-
Size
21KB
-
Sample
241001-zk6tnszdpk
-
MD5
64f2f6aa6f831df2e929cfa641dd9bc0
-
SHA1
bf00ff2a567b252c6ac277050a8bf8e60938140c
-
SHA256
86d36e704668c30f40596bb4a838f748988bed8189c702c383e48c529e7501c3
-
SHA512
a268d1d29e1c2951b71f11c7d4f945b89d9dbe0ea521dc587c660a1420f90ac97ce697f5dda0464132665a6a2b48d9042e8c33af9272408db6965edf2169b30d
-
SSDEEP
384:UBWoC5GDr6wc/w3HgM6vDUTAXBGCVf4WVlFvXk284EjIlP:rRkiLw3HsDSARGG/+4EjYP
Malware Config
Targets
-
-
Target
86d36e704668c30f40596bb4a838f748988bed8189c702c383e48c529e7501c3N
-
Size
21KB
-
MD5
64f2f6aa6f831df2e929cfa641dd9bc0
-
SHA1
bf00ff2a567b252c6ac277050a8bf8e60938140c
-
SHA256
86d36e704668c30f40596bb4a838f748988bed8189c702c383e48c529e7501c3
-
SHA512
a268d1d29e1c2951b71f11c7d4f945b89d9dbe0ea521dc587c660a1420f90ac97ce697f5dda0464132665a6a2b48d9042e8c33af9272408db6965edf2169b30d
-
SSDEEP
384:UBWoC5GDr6wc/w3HgM6vDUTAXBGCVf4WVlFvXk284EjIlP:rRkiLw3HsDSARGG/+4EjYP
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops file in Drivers directory
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1