General
-
Target
0f78a64baad1110e7a1ddc1b30bfd6c71f06c5af0086da3f49ff82f82b978965N
-
Size
1.4MB
-
Sample
241003-d76arswfqb
-
MD5
00635f7f446969ece6ad37c4e8aa6310
-
SHA1
5245de94dce16e6db5603d25c9f60a84ec9e3ecf
-
SHA256
0f78a64baad1110e7a1ddc1b30bfd6c71f06c5af0086da3f49ff82f82b978965
-
SHA512
394dc710b0394eefff3b9521c937e38b6d0256111522cbab0c9807ae532193968924ea40e4d6080620e2eb642ce55a39a371de67a22d7a30a5b7365f71966a34
-
SSDEEP
6144:zvEN2U+T6i5LirrllHy4HUcMQY6wH/aF8OiJoMUjI111dSBTn+jg:zENN+T5xYrllrU7QY6wH/XOJMU+s
Static task
static1
Behavioral task
behavioral1
Sample
0f78a64baad1110e7a1ddc1b30bfd6c71f06c5af0086da3f49ff82f82b978965N.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
0f78a64baad1110e7a1ddc1b30bfd6c71f06c5af0086da3f49ff82f82b978965N.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Score
10/10
-
Modifies WinLogon for persistence
-
Modifies visibility of hidden/system files in Explorer
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (3)
Active Setup (1)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (3)
Active Setup (1)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)
Defense Evasion
Hide Artifacts (1)
Hidden Files and Directories (1)
Modify Registry (4)