General
-
Target
934521da6fcf89b513f1b06ec3277d16a62d3d212ac6a1dc7f3b9e6f6e21fba6N.exe
-
Size
6.5MB
-
Sample
241112-z17qxavkgr
-
MD5
e155ceb06ac1b1eb3bb464c167635fa5
-
SHA1
1cdf6d08951714512bb9a70bb3c52b8a77c793b4
-
SHA256
595996ad7812cd42bab3c9d6a765c370dcd832f7461099bad1519602cbbbe494
-
SHA512
ec209d1a1d0a4f0fa714dbe91d83f24e8604db34dcffa4789c9f0f9ad945a545c5cf6cdfd2336a983fe5632ff748e259695fbce7154f6a4af5081275c001f953
-
SSDEEP
196608:47effIPEsy58doQaTzwZ8Jq3QKnqVtxQnKnqVtxQu9OryfEQdy38doQaoiny/mKx:47effIPEsy58doQaTzwZ8Jq3QKnqVtxY
Malware Config
Targets
-
-
Target
934521da6fcf89b513f1b06ec3277d16a62d3d212ac6a1dc7f3b9e6f6e21fba6N.exe
-
Size
6.5MB
-
MD5
e155ceb06ac1b1eb3bb464c167635fa5
-
SHA1
1cdf6d08951714512bb9a70bb3c52b8a77c793b4
-
SHA256
595996ad7812cd42bab3c9d6a765c370dcd832f7461099bad1519602cbbbe494
-
SHA512
ec209d1a1d0a4f0fa714dbe91d83f24e8604db34dcffa4789c9f0f9ad945a545c5cf6cdfd2336a983fe5632ff748e259695fbce7154f6a4af5081275c001f953
-
SSDEEP
196608:47effIPEsy58doQaTzwZ8Jq3QKnqVtxQnKnqVtxQu9OryfEQdy38doQaoiny/mKx:47effIPEsy58doQaTzwZ8Jq3QKnqVtxY
Score10/10-
Modifies WinLogon for persistence
-
Drops file in Drivers directory
-
Sets service image path in registry
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Modifies WinLogon
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
2Winlogon Helper DLL
2Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
2Winlogon Helper DLL
2