General

  • Target

    52477199561794e3f8e5871c0226cc4d267f039ff66535554d4be1e19796fdd6N

  • Size

    64KB

  • Sample

    241104-fqx9yavale

  • MD5

    58cc7772895672f3c1ad1eb2b089f080

  • SHA1

    3411881e2c0c92d496a310736aa4c7f6892fcefc

  • SHA256

    52477199561794e3f8e5871c0226cc4d267f039ff66535554d4be1e19796fdd6

  • SHA512

    508320d35dec15ef7fa906a178d81e74d650e0464dc099d0806030a0d9f6c2e17fac24f32d23b579e6b8effde1edf82842c1ec6b311b8115a217caaa1ff24abc

  • SSDEEP

    768:rAUJmQCcmLCXQq6fsKiJYsIkjJVzqsVG5kuGKQLddOW/p4WvEITH3i:sUNHFKQbIkHvGMdOq4b

Malware Config

Targets

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Indicator Removal: Clear Persistence

      Removes Image File Execution Options (IFEO) Registry entries.

    • Modifies WinLogon

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15