General
Target: KMSAuto Lite x64 1.8.6.exe
Size: 6.3MB
Sample: 241017-tzwpcsvaqc
MD5: 7b3563b8dae4dc736c16716eb88a3a37
SHA1: 639455f16ad599cdaef71f906cea414ab73bb68b
SHA256: c085209c5b01d2a516a40e18cefdf5b4bdf5131f3a7f66bf91762cc151169a60
SHA512: b36a1d8698b8aaf21ec58212afd2b7ff41d3c6a4e2cb9e5f75cf84e6e58d37cb5b8c742f0f4d8ed487c8815d1db9f965dabf3ca83095df933d0baa78058f3ef0
SSDEEP: 98304:vUfwPRIkF+DywzlCbj/TSYDExAdmcROSdT7RX1:vUfaRTFzwzehoAwI7h1
Static task: static1
Behavioral task: behavioral1
Sample: KMSAuto Lite x64 1.8.6.exe
Resource: win11-20241007-en
Malware Config
Targets
Target: KMSAuto Lite x64 1.8.6.exe
Creates new service(s)
Event Triggered Execution: Image File Execution Options Injection
Modifies Windows Firewall
Sets service image path in registry
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Create or Modify System Process: 3
    Windows Service: 3
  Event Triggered Execution: 2
    Image File Execution Options Injection: 1
    Netsh Helper DLL: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Create or Modify System Process: 3
    Windows Service: 3
  Event Triggered Execution: 2
    Image File Execution Options Injection: 1
    Netsh Helper DLL: 1