General

  • Target: e5f6704df110055a0c7111271796451f357255738792a14f9a96f415e96cb6f0N.exe
  • Size: 81KB
  • Sample: 241113-hjekcsxelm
  • MD5: bf7b28919b74dc6aa82bb8167dcec3f1
  • SHA1: aa1398a124c3b66ec896f59af7c3a363ea282c85
  • SHA256: 2f7e03402ede5005d182387ad20bde41f5eed1056df955435a2da64dab128a1b
  • SHA512: 9ed1eb113d5489640f4128ffe6a86c3fab9fcebcefe91f8afa81b70fa7cf0ef2f7adef806a9f2eec177ef7babfef09d5d75f94b8f1d033a151ca72644aaa9eea
  • SSDEEP: 1536:BteqGDlXvCDB04f5Gn/L8ZlALNtnd17i9wi:Olg35GTclABtnDi9wi

Targets

    • Target: e5f6704df110055a0c7111271796451f357255738792a14f9a96f415e96cb6f0N.exe

    • Windows security bypass
    • Boot or Logon Autostart Execution: Active Setup
      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
    • Event Triggered Execution: Image File Execution Options Injection
    • Executes dropped EXE
    • Loads dropped DLL
    • Windows security modification
    • Indicator Removal: Clear Persistence
      Removes Image File Execution Options (IFEO) entries.
    • Modifies WinLogon
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15