General

  • Target

    56e4d764d0d1f8501580405cfc15e900912b97053532e472da197ebf08ccd0d5

  • Size

    23KB

  • Sample

    241112-191vdsserf

  • MD5

    c0be0077ce4a3717c83dc3018a7549d9

  • SHA1

    2562e792f7a1737632fe44dbbc5810e73fb1d39e

  • SHA256

    56e4d764d0d1f8501580405cfc15e900912b97053532e472da197ebf08ccd0d5

  • SHA512

    1180e8e485fd9f37506499857b6d82152a9176d5b871c7584c46a7c4e129a07647833ae4f2579deedab46994d982e00f1c70d6cdda5b5bcb7e444999df87ca60

  • SSDEEP

    384:jIz4qSFyuIsPgKBTmL3cf4OAkBEZCXeLp9HjwB1DI3ReAnOJ380v1:jIUnyuIwdSLcQpICvXwB12nOJ380v1

Malware Config

Targets

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Indicator Removal: Clear Persistence

      Removes IFEO.

    • Modifies WinLogon

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks