General

  • Target

    5522a171bccdd7bf034a773427cc18380497f49dedbae7f478ddc16c9735d751

  • Size

    69KB

  • Sample

    241112-1699nawjgj

  • MD5

    e323ead0b82257e6522e5b8d9c7b3ca1

  • SHA1

    835b2f74a6cf23c9d32ec39888b3a226c3d9b554

  • SHA256

    5522a171bccdd7bf034a773427cc18380497f49dedbae7f478ddc16c9735d751

  • SHA512

    820d866b866b521fb51c8c437262087a5bb2e662bcc1e350dd70ccc25328e7c2308b84048049595aa4c984eddb4b98648fb6576498486ad54767f4f9aafa7e84

  • SSDEEP

    1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d19kwipv:ulg35GTslA5t31kw2

Malware Config

Targets

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Indicator Removal: Clear Persistence

      Removes the IFEO (Image File Execution Options) entry.

    • Modifies WinLogon

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks