General

  • Target

    65cb58ed34e60ff42686436484bc6647b1e1b67c97a2a6b7cc131a9ec58ded6c

  • Size

    88KB

  • Sample

    241112-2va6vssjav

  • MD5

    d249085376413ac890c094d795c27179

  • SHA1

    b469e1113e05b041c4e1f5d7bd13f054bcb689f7

  • SHA256

    65cb58ed34e60ff42686436484bc6647b1e1b67c97a2a6b7cc131a9ec58ded6c

  • SHA512

    6af88ca2b2e2e93f303dfd6df3e0fe613f1cfa12646ed79e625eb2f2cf76efa367040bad054bb55e5f912cfbffd1159663e608455ee3f1da28adf638442ed775

  • SSDEEP

    768:3Og167GTCGTL9tCqwhX52pwTu5gV62i9wb4CWYLyAKfPXvByNGOLDd5FBEewN4WR:x0Y9WV32pau5gV62++Kf/vw/d5Uh4Avn

Targets

    • Target

      65cb58ed34e60ff42686436484bc6647b1e1b67c97a2a6b7cc131a9ec58ded6c

    • Size

      88KB

    • MD5

      d249085376413ac890c094d795c27179

    • SHA1

      b469e1113e05b041c4e1f5d7bd13f054bcb689f7

    • SHA256

      65cb58ed34e60ff42686436484bc6647b1e1b67c97a2a6b7cc131a9ec58ded6c

    • SHA512

      6af88ca2b2e2e93f303dfd6df3e0fe613f1cfa12646ed79e625eb2f2cf76efa367040bad054bb55e5f912cfbffd1159663e608455ee3f1da28adf638442ed775

    • SSDEEP

      768:3Og167GTCGTL9tCqwhX52pwTu5gV62i9wb4CWYLyAKfPXvByNGOLDd5FBEewN4WR:x0Y9WV32pau5gV62++Kf/vw/d5Uh4Avn

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Indicator Removal: Clear Persistence

      Removes IFEO.

    • Modifies WinLogon

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15