General

  • Target

    c641fe590c8dbe4fa53a7459ba062a8746824971f78255f64c1da468c5112abaN

  • Size

    45KB

  • Sample

    241104-cl5axa1emq

  • MD5

    f6a9bc81490383124784ca790f5b0a70

  • SHA1

    e75eeffaab511485da2a2bb47bcad1273d0335dc

  • SHA256

    c641fe590c8dbe4fa53a7459ba062a8746824971f78255f64c1da468c5112aba

  • SHA512

    5aa58b0c4aaaa6a706fa15527e7d5b14d2a61630a3896b5ff05fc73d7c2f48f02569b452196b8b8d0cf0f309d34e924055843ef89e1ab2426cf0523c74723825

  • SSDEEP

    768:WAUJmQCcmLCXQq6fsKiJYsIkjJVzqsVG5kuGVAQvRWrE5+:RUNHFKQbIkHvGkAzm+

Malware Config

Targets

    • Target

      c641fe590c8dbe4fa53a7459ba062a8746824971f78255f64c1da468c5112abaN

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine. Windows runs the StubPath command of each Installed Components subkey once per user at logon, so a planted key executes in every user's session.

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Indicator Removal: Clear Persistence

      Removes Image File Execution Options (IFEO) registry entries.

    • Modifies WinLogon

    • Drops file in System32 directory
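
    The signatures above name four locations a responder would check on a suspect host: Active Setup, Image File Execution Options, the Winlogon keys, and recent drops in the Drivers and System32 directories. The PowerShell script below is an added example, not code from the sandbox report or from the sample, that audits those locations read-only and lists what it finds. It assumes it is run elevated, a 24-hour window for the file checks, and a triage heuristic (user-writable directories in a stub path are unusual) for flagging Active Setup entries; adjust both to the case at hand.

```powershell
# Added audit script for the persistence locations named in the report's signatures
# (Active Setup, IFEO, Winlogon, Drivers/System32 drops). Not code from the report or
# from the sample. Run in an elevated PowerShell on the host under investigation; read-only.

param(
    # Drivers/System32 files written after this time are reported (assumption: 24h window).
    [datetime]$Since = (Get-Date).AddDays(-1)
)

$findings = New-Object 'System.Collections.Generic.List[object]'
# Triage heuristic (assumption): user-writable directories are unusual in a StubPath.
$userWritable = '(?i)\\(Temp|AppData|ProgramData|Users|Public)\\'

function Add-Finding([string]$Category, [string]$Location, [string]$Detail, [bool]$Suspicious) {
    $script:findings.Add([pscustomobject]@{
        Category = $Category; Location = $Location; Detail = $Detail; Suspicious = $Suspicious
    })
}

# 1. Active Setup: each Installed Components subkey with a StubPath runs once per user at logon.
$asRoots = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
foreach ($root in ($asRoots | Where-Object { Test-Path $_ })) {
    foreach ($key in Get-ChildItem -Path $root) {
        $stub = (Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue).StubPath
        if ($stub) { Add-Finding 'ActiveSetup' $key.PSChildName $stub ($stub -match $userWritable) }
    }
}

# 2. IFEO: a Debugger value makes Windows launch that program in place of the named executable.
$ifeoRoots = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($root in ($ifeoRoots | Where-Object { Test-Path $_ })) {
    foreach ($key in Get-ChildItem -Path $root) {
        $dbg = (Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue).Debugger
        # Any Debugger value is worth a look; production hosts almost never need one.
        if ($dbg) { Add-Finding 'IFEO' $key.PSChildName $dbg $true }
    }
}

# 3. Winlogon: Shell and Userinit have well-known defaults; any other value is a finding.
$wl = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
if ($wl.Shell -and $wl.Shell -notmatch '^(?i)explorer\.exe$') {
    Add-Finding 'Winlogon' 'Shell' $wl.Shell $true
}
$userinitDefault = [regex]::Escape("$env:SystemRoot\system32\userinit.exe")
if ($wl.Userinit -and $wl.Userinit -notmatch "^(?i)$userinitDefault,?$") {
    Add-Finding 'Winlogon' 'Userinit' $wl.Userinit $true
}

# 4. Recent drops in the Drivers and System32 directories, with their Authenticode status.
$dirs = "$env:SystemRoot\System32\drivers", "$env:SystemRoot\System32"
foreach ($dir in $dirs) {
    Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $Since } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            Add-Finding 'RecentFile' $_.FullName ("{0} {1}" -f $_.LastWriteTime, $sig.Status) ($sig.Status -ne 'Valid')
        }
}

$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

    Flagged rows are leads, not verdicts: an unsigned but legitimate driver or a vendor Active Setup stub under ProgramData will also surface, so compare each hit against a known-good host before acting on it. The IFEO check reports every Debugger value because the report's "Clear Persistence" signature shows the sample also removes IFEO entries, so an absent key on a live host does not rule the technique out; pair this with registry event logging or a Sysmon RegistryEvent rule on the same paths to catch the set-then-delete pattern.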

MITRE ATT&CK Enterprise v15

Tasks