General

  • Target

    ef14f709e218bf4ce6f4a06fc23c6ad2f6f3f0282ca2c3127abb9f9012aa43b0

  • Size

    80KB

  • Sample

    241031-hpknkatqgj

  • MD5

    3c43a6087e960e41df1f6c38dc7aa401

  • SHA1

    0253433742d5441c4ae067de1e839ae32103b0da

  • SHA256

    ef14f709e218bf4ce6f4a06fc23c6ad2f6f3f0282ca2c3127abb9f9012aa43b0

  • SHA512

    a240b9e2f9ca54dbf2286f3d834f6e3f010c699222f873721fd0b1c97114bc21c48ad23f052b7ddc1d8639c6bf426acff5a0a673933151a200c45fe1946cb9b7

  • SSDEEP

    1536:BteqGDlXvCDB04f5Gn/L8ZlALNtnd17i9wK:Olg35GTclABtnDi9wK

Malware Config

Targets

    • Target

      ef14f709e218bf4ce6f4a06fc23c6ad2f6f3f0282ca2c3127abb9f9012aa43b0

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Indicator Removal: Clear Persistence

      Removes IFEO (Image File Execution Options) entries.

    • Modifies WinLogon

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks