General

  • Target

    1bd4762f95f855f54b506e003af23ab9da0d79fa1bafb89d801e850512eddd8b.exe

  • Size

    47KB

  • Sample

    241113-a58fkatfla

  • MD5

    e5040c0e7485fb6bc284f56b2453120a

  • SHA1

    26faae9fa1aae7acfbfd4e9e55223a7d0a092cc2

  • SHA256

    1bd4762f95f855f54b506e003af23ab9da0d79fa1bafb89d801e850512eddd8b

  • SHA512

    004e250009e55007e9ff19b1aa2745688d521a98b780048d02c4bc8e6ffb2b9053dc865116cc82538b13e5adac23b11ecf029ea9d46e75bab2134078b03c541e

  • SSDEEP

    768:WAUJmQCcmLCXQq6fsKiJYsIkjJVzqsVG5kuGVAQvSmtvW:RUNHFKQbIkHvGkAYvW

Targets

    • Target

      1bd4762f95f855f54b506e003af23ab9da0d79fa1bafb89d801e850512eddd8b.exe

    • Size

      47KB

    • MD5

      e5040c0e7485fb6bc284f56b2453120a

    • SHA1

      26faae9fa1aae7acfbfd4e9e55223a7d0a092cc2

    • SHA256

      1bd4762f95f855f54b506e003af23ab9da0d79fa1bafb89d801e850512eddd8b

    • SHA512

      004e250009e55007e9ff19b1aa2745688d521a98b780048d02c4bc8e6ffb2b9053dc865116cc82538b13e5adac23b11ecf029ea9d46e75bab2134078b03c541e

    • SSDEEP

      768:WAUJmQCcmLCXQq6fsKiJYsIkjJVzqsVG5kuGVAQvSmtvW:RUNHFKQbIkHvGkAYvW

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Indicator Removal: Clear Persistence

      Removes an Image File Execution Options (IFEO) registry entry, the same mechanism used by the IFEO injection signature above.

    • Modifies WinLogon

    • Drops file in System32 directory
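
    The signatures above name three registry persistence mechanisms (Active Setup, IFEO injection, Winlogon changes) and file drops into System32 and System32\drivers, but the report does not list the keys or files involved. The following read-only triage script is an added example, not part of the sandbox report or the sample's own behaviour; it enumerates those locations on a Windows host so an analyst can look for the same artifacts. It assumes an elevated 64-bit PowerShell session, and the $LookbackDays window and the "expected path" heuristic for Active Setup stubs are the example's own choices, not values from the report.

```powershell
# Added example (not from the report): read-only triage of the persistence
# locations the sandbox flagged. Run elevated in 64-bit PowerShell.
# $LookbackDays is an arbitrary window chosen for this example.
param([int]$LookbackDays = 7)

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Technique, [string]$Location, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Technique = $Technique; Location = $Location; Detail = $Detail })
}

# 1. Active Setup (T1547.014): each Installed Components subkey with a StubPath
#    runs once per user at logon. Heuristic: flag stubs outside Program Files /
#    Windows (legitimate entries such as bare "regsvr32.exe ..." will also show up).
$activeSetupRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
)
foreach ($root in $activeSetupRoots) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $stub = (Get-ItemProperty -Path $_.PSPath -Name StubPath -ErrorAction SilentlyContinue).StubPath
        if ($stub -and $stub -notmatch '^"?[A-Za-z]:\\(Program Files( \(x86\))?|Windows)\\') {
            Add-Finding 'Active Setup' $_.Name "StubPath = $stub"
        }
    }
}

# 2. IFEO injection (T1546.012): a Debugger value makes Windows start the named
#    program in place of the target executable, passing it the original command
#    line. Legitimate Debugger values are rare, so every one is worth a look.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { Add-Finding 'IFEO' $_.PSChildName "Debugger = $dbg" }
}

# 3. Winlogon: Shell and Userinit have fixed defaults; anything appended to them
#    runs at every interactive logon.
$winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expectedUserinit = ("$env:SystemRoot\system32\userinit.exe,").ToLower()
if ($winlogon.Shell -and $winlogon.Shell.Trim().ToLower() -ne 'explorer.exe') {
    Add-Finding 'Winlogon' 'Shell' $winlogon.Shell
}
if ($winlogon.Userinit -and $winlogon.Userinit.Trim().ToLower() -ne $expectedUserinit) {
    Add-Finding 'Winlogon' 'Userinit' $winlogon.Userinit
}

# 4. Files dropped in System32 / drivers: recent executables and drivers whose
#    Authenticode signature is not valid. A lead, not proof: the report does not
#    say which files the sample wrote.
$since = (Get-Date).AddDays(-$LookbackDays)
foreach ($dir in @("$env:SystemRoot\System32", "$env:SystemRoot\System32\drivers")) {
    Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $since -and $_.Extension -in @('.exe', '.dll', '.sys') } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            if ($sig.Status -ne 'Valid') {
                Add-Finding 'Dropped file' $_.FullName "Signature: $($sig.Status), written $($_.LastWriteTime)"
            }
        }
}

$findings | Format-Table -AutoSize
```

    Every check is a read; nothing is deleted or repaired, so the script can be run on a live host before imaging. Because the sample also clears its own IFEO entry (the Clear Persistence signature), an empty IFEO result does not rule the technique out; pair the registry check with a timeline of registry writes from an EDR or Sysmon (Event ID 12/13) if one is available.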

MITRE ATT&CK Enterprise v15
