General
-
Target
dd6a202877370fcacc9fe350dc98f31d225fdcb6203cb262c9bb7ebbf32f4565
-
Size
73KB
-
Sample
241014-fbrtlstbrl
-
MD5
867fdc7a65d61479a3d25c8628efabb1
-
SHA1
e91c9d66fb4236208d3c433ebec600470602f020
-
SHA256
dd6a202877370fcacc9fe350dc98f31d225fdcb6203cb262c9bb7ebbf32f4565
-
SHA512
7b3d638bb0060d734919b5668bd9f3cd33501629ab29a8d192db95c2b2fe4e3a959449d8648d64493629341ce79ab3d531827adfcb5e8ab6ca45fe1d4f1a69d7
-
SSDEEP
1536:xKuohaiYr8JIjolZFH1wt/+PMq8tEn4W/QUq2r6TMb:boBYr8jlhyk4nGq2rkMb
Malware Config
Targets
-
-
Target
dd6a202877370fcacc9fe350dc98f31d225fdcb6203cb262c9bb7ebbf32f4565
-
Size
73KB
-
MD5
867fdc7a65d61479a3d25c8628efabb1
-
SHA1
e91c9d66fb4236208d3c433ebec600470602f020
-
SHA256
dd6a202877370fcacc9fe350dc98f31d225fdcb6203cb262c9bb7ebbf32f4565
-
SHA512
7b3d638bb0060d734919b5668bd9f3cd33501629ab29a8d192db95c2b2fe4e3a959449d8648d64493629341ce79ab3d531827adfcb5e8ab6ca45fe1d4f1a69d7
-
SSDEEP
1536:xKuohaiYr8JIjolZFH1wt/+PMq8tEn4W/QUq2r6TMb:boBYr8jlhyk4nGq2rkMb
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1