General

  • Target

    2ace97f16fb09bf04df0db37bdffd17206a22e64a5c8935e358603dac45a1e15N

  • Size

    45KB

  • Sample

    241104-jaxv1szmfj

  • MD5

    508e9204f2220a6e5f6dd3d62bf4d180

  • SHA1

    58e91a6d93e1172916675226e2782d8a8bb6643c

  • SHA256

    2ace97f16fb09bf04df0db37bdffd17206a22e64a5c8935e358603dac45a1e15

  • SHA512

    1eff009b318c67fdd7b92350218db3336b0c5105bb5da565da89f43bd48703f9a6147aefcd368a5e411a3b5b8708229369167d5eee0dcd160bfada6219675bdc

  • SSDEEP

    768:WAUJmQCcmLCXQq6fsKiJYsIkjJVzqsVG5kuGVAQvRWrE5v:RUNHFKQbIkHvGkAzmv

Malware Config

Targets

    • Target

      2ace97f16fb09bf04df0db37bdffd17206a22e64a5c8935e358603dac45a1e15N


    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Indicator Removal: Clear Persistence

      Remove IFEO.

    • Modifies WinLogon

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks