General

  • Target

    ef7031b83716a98591da92f00dac92464093c75e111fee49cd26804ff593c47fN

  • Size

    196KB

  • Sample

    241107-sfsypavblg

  • MD5

    07f35139b8c124c730d8c073b7b9cfc0

  • SHA1

    1bda918d117b2e20ff9543c03a4abaeb799119fa

  • SHA256

    ef7031b83716a98591da92f00dac92464093c75e111fee49cd26804ff593c47f

  • SHA512

    ee478bbcf7273843d31cc5e77df4612edf12d2dfcc3a19e08e27ed38fa63b004df23265cbc9644bdd1bb3f23fb894b4fc366b25e8afe9fc9b40c50fdc382488f

  • SSDEEP

    3072:ZOgUXoutNNxZVX4/awxfodLJUBv9Bsor1rHjhMU9npQQpmuG:ZFYoSrRARoYlld9n2Qpmx

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Disables RegEdit via registry modification

    • Disables use of System Restore points

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks