General
-
Target
911bdc14e5d50f8a704b04dcb73c967ccd5f5a87512684cff29132093a47cfe2
-
Size
73KB
-
Sample
241018-a6s29sweng
-
MD5
0664fb68600acee2f1ad68343d10ca87
-
SHA1
c5347d7a5f1632c5decbfd82c540f84b2b08d9b5
-
SHA256
911bdc14e5d50f8a704b04dcb73c967ccd5f5a87512684cff29132093a47cfe2
-
SHA512
f7224e2f8fe3f99402f5d5f025f42e59341aa5c981e81faa920b43569dfc8c69a4231e1ae70fc9585dbe8eb71e3b4c7338034f523e580c0b14379d8cf6fa3834
-
SSDEEP
1536:x+Yh85gHOEutUKZKEHfmWqk0AEPGER3ZaE/:fh3HOEuaWKE+/RA87Rn
Malware Config
Targets
-
-
Target
911bdc14e5d50f8a704b04dcb73c967ccd5f5a87512684cff29132093a47cfe2
-
Size
73KB
-
MD5
0664fb68600acee2f1ad68343d10ca87
-
SHA1
c5347d7a5f1632c5decbfd82c540f84b2b08d9b5
-
SHA256
911bdc14e5d50f8a704b04dcb73c967ccd5f5a87512684cff29132093a47cfe2
-
SHA512
f7224e2f8fe3f99402f5d5f025f42e59341aa5c981e81faa920b43569dfc8c69a4231e1ae70fc9585dbe8eb71e3b4c7338034f523e580c0b14379d8cf6fa3834
-
SSDEEP
1536:x+Yh85gHOEutUKZKEHfmWqk0AEPGER3ZaE/:fh3HOEuaWKE+/RA87Rn
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1