General
-
Target
aed1e927e28a0aef08dfbd3be27ae9f4d33f150e87dad18f3c288883c0f63e03N
-
Size
2.2MB
-
Sample
241027-ssledawrdw
-
MD5
6dbdc69771e30382aad6c4ac051f0360
-
SHA1
28272da6b9b0dd3e8bcf161a18205e954b587080
-
SHA256
aed1e927e28a0aef08dfbd3be27ae9f4d33f150e87dad18f3c288883c0f63e03
-
SHA512
84008b9ca6cb241687517061c398d812cdf1874afe31c6027c6eeff99b365c7e8d044f3a898ae54feb2bc0e459eb4264a26da16f6c880ee1eac1b0accd95fbfb
-
SSDEEP
24576:qIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIm:P
Static task
static1
Behavioral task
behavioral1
Sample
aed1e927e28a0aef08dfbd3be27ae9f4d33f150e87dad18f3c288883c0f63e03N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
aed1e927e28a0aef08dfbd3be27ae9f4d33f150e87dad18f3c288883c0f63e03N.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
aed1e927e28a0aef08dfbd3be27ae9f4d33f150e87dad18f3c288883c0f63e03N
-
Size
2.2MB
-
MD5
6dbdc69771e30382aad6c4ac051f0360
-
SHA1
28272da6b9b0dd3e8bcf161a18205e954b587080
-
SHA256
aed1e927e28a0aef08dfbd3be27ae9f4d33f150e87dad18f3c288883c0f63e03
-
SHA512
84008b9ca6cb241687517061c398d812cdf1874afe31c6027c6eeff99b365c7e8d044f3a898ae54feb2bc0e459eb4264a26da16f6c880ee1eac1b0accd95fbfb
-
SSDEEP
24576:qIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIm:P
Score10/10-
Modifies WinLogon for persistence
-
Drops file in Drivers directory
-
Drops startup file
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1