General

  • Target

    4d26afa887ba981f4cb0fa9b43f5e273c4c3f0b0b61278da90a53b4f42f46472

  • Size

    88KB

  • Sample

    241112-1wn9favqhj

  • MD5

    d3a2bb9ed150d042c7d2d6a1e9b4e873

  • SHA1

    a180db1279e00737608a8570231e9c0ecebce3fb

  • SHA256

    4d26afa887ba981f4cb0fa9b43f5e273c4c3f0b0b61278da90a53b4f42f46472

  • SHA512

    c39ead8138d2b07fe6939289e36a428ed5c7f263be28159b38a79cf6e070cb2559b2b748017ad9a209519e8cc5ee8173366a5d1c94d0b616a70ea36e63ba3c04

  • SSDEEP

    768:3Og167GTCGTL9tCqwhX52pwTu5gV62i9wb4CWYLyAKfPXvByNGOLDd5FBEewN4Wx:x0Y9WV32pau5gV62++Kf/vw/d5Uh4AL

Malware Config

Targets

    • Target

      4d26afa887ba981f4cb0fa9b43f5e273c4c3f0b0b61278da90a53b4f42f46472

    • Size

      88KB

    • MD5

      d3a2bb9ed150d042c7d2d6a1e9b4e873

    • SHA1

      a180db1279e00737608a8570231e9c0ecebce3fb

    • SHA256

      4d26afa887ba981f4cb0fa9b43f5e273c4c3f0b0b61278da90a53b4f42f46472

    • SHA512

      c39ead8138d2b07fe6939289e36a428ed5c7f263be28159b38a79cf6e070cb2559b2b748017ad9a209519e8cc5ee8173366a5d1c94d0b616a70ea36e63ba3c04

    • SSDEEP

      768:3Og167GTCGTL9tCqwhX52pwTu5gV62i9wb4CWYLyAKfPXvByNGOLDd5FBEewN4Wx:x0Y9WV32pau5gV62++Kf/vw/d5Uh4AL

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Indicator Removal: Clear Persistence

      remove IFEO.

    • Modifies WinLogon

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks