General

  • Target

    6abf57132a87bcc95ac32f5b77f4dbc9813730de4e8f7ba9974827833ea5ecd4

  • Size

    71KB

  • Sample

    241112-23nrxsshpb

  • MD5

    dd2d03337e613410aab6625c608b0fa9

  • SHA1

    f657a0674a25898596b6f3937ecfb3d522979ffe

  • SHA256

    6abf57132a87bcc95ac32f5b77f4dbc9813730de4e8f7ba9974827833ea5ecd4

  • SHA512

    365e48a53de93d44f1478c69b692fbafc540a2a5002f3ce2d9f8ef6cba6c649764285ee39a45e67f5d5ce9304abf14454a1c6da3adc33b57151c93a72af46fc1

  • SSDEEP

    1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8sl5Y:Olg35GTslA5t3/w8gY

Malware Config

Targets

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Indicator Removal: Clear Persistence

      Removes Image File Execution Options (IFEO) registry entries.

    • Modifies WinLogon

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks