General

  • Target

    4a081f5e3e7223fca984d8c6e98a250856d3029c761a9cc21bdbbffa7b199add

  • Size

    52KB

  • Sample

    241104-13mzysyfjr

  • MD5

    ba8afb71380cde860f2984b7dfe784dc

  • SHA1

    143276cf5c6ce3d6070714c4b3afcd4b0e392adf

  • SHA256

    4a081f5e3e7223fca984d8c6e98a250856d3029c761a9cc21bdbbffa7b199add

  • SHA512

    7194cac449cf5cc2ed3774695902b5821710cba83b4801669f1589d295fc23b9941d89da0e4714968462880562896cd60a5a2115f14fd60e3661e5a327243493

  • SSDEEP

    1536:dU6JhlQvW4R8ZDW2OsdCj7VhJ/YY5rInouy8r:dRhlARSOsdwD/98out

Malware Config

Targets

    • Target

      4a081f5e3e7223fca984d8c6e98a250856d3029c761a9cc21bdbbffa7b199add

    • Size

      52KB

    • MD5

      ba8afb71380cde860f2984b7dfe784dc

    • SHA1

      143276cf5c6ce3d6070714c4b3afcd4b0e392adf

    • SHA256

      4a081f5e3e7223fca984d8c6e98a250856d3029c761a9cc21bdbbffa7b199add

    • SHA512

      7194cac449cf5cc2ed3774695902b5821710cba83b4801669f1589d295fc23b9941d89da0e4714968462880562896cd60a5a2115f14fd60e3661e5a327243493

    • SSDEEP

      1536:dU6JhlQvW4R8ZDW2OsdCj7VhJ/YY5rInouy8r:dRhlARSOsdwD/98out

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • UAC bypass

    • Disables RegEdit via registry modification

    • Disables use of System Restore points

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks