General
-
Target
9e5cb79aaa073100203e2d4e146e10d08c97b68289810a0651c95d8dc9a5d28bN
-
Size
512KB
-
Sample
241021-ll2z8azhpn
-
MD5
8188421aa04af3bbe82f15502ec59380
-
SHA1
af8431a76a57ccb4e8b26e16728e04cdb8374604
-
SHA256
9e5cb79aaa073100203e2d4e146e10d08c97b68289810a0651c95d8dc9a5d28b
-
SHA512
d1422ddcfda2c309cec6f0adf5d3319e2c96bc744463591251fdbaac8f65c1a900226333aaf57c666ae258d64defe5195d63fe7eaf31d94751fca9d8f1b963bf
-
SSDEEP
6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj6w:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm5H
Static task
static1
Behavioral task
behavioral1
Sample
9e5cb79aaa073100203e2d4e146e10d08c97b68289810a0651c95d8dc9a5d28bN.exe
Resource
win7-20240708-en
Malware Config
Targets
-
-
Target
9e5cb79aaa073100203e2d4e146e10d08c97b68289810a0651c95d8dc9a5d28bN
-
Size
512KB
-
MD5
8188421aa04af3bbe82f15502ec59380
-
SHA1
af8431a76a57ccb4e8b26e16728e04cdb8374604
-
SHA256
9e5cb79aaa073100203e2d4e146e10d08c97b68289810a0651c95d8dc9a5d28b
-
SHA512
d1422ddcfda2c309cec6f0adf5d3319e2c96bc744463591251fdbaac8f65c1a900226333aaf57c666ae258d64defe5195d63fe7eaf31d94751fca9d8f1b963bf
-
SSDEEP
6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj6w:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm5H
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Disables RegEdit via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies WinLogon
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
2Disable or Modify Tools
2Modify Registry
7Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1