General
-
Target
5f7a3d7c9dc9d3ec9e84f7e0d2d1307d53d39403e66cfbcb0455d79ad5cbf026N
-
Size
93KB
-
Sample
241110-eav9zayhlc
-
MD5
f3149f58d1635e49ecd3c0f2d2ef5e50
-
SHA1
24ec5ff9c43dc8f1d3521e6b5d732adfcdf220ea
-
SHA256
5f7a3d7c9dc9d3ec9e84f7e0d2d1307d53d39403e66cfbcb0455d79ad5cbf026
-
SHA512
30fd02408df22d57a894ca620fdb8635e4474935e309ef4995413ecbb6e44755171889deb4b93f91df183aeaf882c06e3e5f3572fff5ed1a97f4677df80d45fb
-
SSDEEP
1536:42lTb6wb9mizg3qtKklJ6RBvqtKklJ6RBpp9UoJ:42lTveqBloDqBloz
Malware Config
Targets
-
-
Target
5f7a3d7c9dc9d3ec9e84f7e0d2d1307d53d39403e66cfbcb0455d79ad5cbf026N
-
Size
93KB
-
MD5
f3149f58d1635e49ecd3c0f2d2ef5e50
-
SHA1
24ec5ff9c43dc8f1d3521e6b5d732adfcdf220ea
-
SHA256
5f7a3d7c9dc9d3ec9e84f7e0d2d1307d53d39403e66cfbcb0455d79ad5cbf026
-
SHA512
30fd02408df22d57a894ca620fdb8635e4474935e309ef4995413ecbb6e44755171889deb4b93f91df183aeaf882c06e3e5f3572fff5ed1a97f4677df80d45fb
-
SSDEEP
1536:42lTb6wb9mizg3qtKklJ6RBvqtKklJ6RBpp9UoJ:42lTveqBloDqBloz
Score10/10-
Modifies WinLogon for persistence
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Modifies WinLogon
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
2Winlogon Helper DLL
2Browser Extensions
1Event Triggered Execution
1Change Default File Association
1