General

  • Target

    8ff77d45e797ea1b4164c199febd6277a85bd627c42211ba537ae8c247f2bebf

  • Size

    46KB

  • Sample

    241114-apn2zs1may

  • MD5

    96a018795d27e27d41e02f2deff3b6d0

  • SHA1

    689b55383a56cd226b7744408ae1cf7076cf10fb

  • SHA256

    8ff77d45e797ea1b4164c199febd6277a85bd627c42211ba537ae8c247f2bebf

  • SHA512

    af0d9764d89398596cd93e72b120dda5c73b2302763f585a23690c78238668af3e56c1a9a684c5214b2fbc5d7bb587f2c57c5cf6d44ec8ac1dadae4e0fcf40ff

  • SSDEEP

    768:jIU2Nwt3WpoHd8EOxPwSIzYuCrxQ2936di5jh9XWYl:jaCmKd8EwwSIzYDrxQ2936GjhdNl

Targets

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Indicator Removal: Clear Persistence

      Deletes an Image File Execution Options (IFEO) registry entry, removing a persistence mechanism that had been set up.

    • Modifies WinLogon

    • Drops file in System32 directory
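
The signatures above name four registry and file-system locations that a responder would check on a host suspected of running this sample. The following script is an added triage example, not part of the sandbox report and not code from the sample: it enumerates Active Setup StubPath entries, IFEO Debugger and SilentProcessExit MonitorProcess values, Winlogon Shell and Userinit, and recently written unsigned files under System32 and System32\drivers. It assumes an elevated PowerShell 5.1 or later session on the Windows host being examined; the "stock" Winlogon values, the crude trusted-path pattern and the 7-day file window are assumptions to be adjusted to the incident timeline.

```powershell
# Added triage script, not part of the sandbox report. Assumes an elevated
# PowerShell 5.1+ session on the Windows host under examination; the stock
# Winlogon values are those of a default Windows 10/11 install, and the
# trusted-path regex and 7-day window are arbitrary starting points.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Technique, $Location, $Value, $Suspect) {
    $findings.Add([pscustomobject]@{
        Technique = $Technique; Location = $Location; Value = $Value; Suspect = $Suspect
    })
}
$trusted = '^"?(C:\\Windows\\|C:\\Program Files)'   # assumed allow-list for launch paths

# 1. Active Setup (T1547.014): every Installed Components subkey with a
#    StubPath runs that command once per user at the next interactive logon.
$asRoot = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
foreach ($k in Get-ChildItem $asRoot -ErrorAction SilentlyContinue) {
    $stub = (Get-ItemProperty $k.PSPath -ErrorAction SilentlyContinue).StubPath
    if ($stub) { Add-Finding 'ActiveSetup' $k.PSChildName $stub (-not ($stub -match $trusted)) }
}

# 2. IFEO (T1546.012): a Debugger value substitutes that program for the named
#    executable; a SilentProcessExit\MonitorProcess value launches it on exit.
#    Both are rare on production hosts, so any hit is flagged for review.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($k in Get-ChildItem $ifeo -ErrorAction SilentlyContinue) {
    $dbg = (Get-ItemProperty $k.PSPath -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { Add-Finding 'IFEO Debugger' $k.PSChildName $dbg $true }
}
$spe = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit'
foreach ($k in Get-ChildItem $spe -ErrorAction SilentlyContinue) {
    $mon = (Get-ItemProperty $k.PSPath -ErrorAction SilentlyContinue).MonitorProcess
    if ($mon) { Add-Finding 'IFEO SilentProcessExit' $k.PSChildName $mon $true }
}

# 3. Winlogon (T1547.004): Shell and Userinit should match the stock values;
#    malware typically appends its own executable after a comma or replaces them.
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$stock = @{ Shell = 'explorer.exe'; Userinit = "$env:SystemRoot\system32\userinit.exe," }
foreach ($name in $stock.Keys) {
    $actual = [string]$wl.$name
    Add-Finding "Winlogon\$name" 'HKLM' $actual ($actual.TrimEnd(',') -ne $stock[$name].TrimEnd(','))
}

# 4. Recent drops in System32 and System32\drivers: files written inside the
#    window whose Authenticode (or catalog) signature does not verify.
$since = (Get-Date).AddDays(-7)
$dirs = "$env:SystemRoot\System32", "$env:SystemRoot\System32\drivers"
foreach ($f in Get-ChildItem $dirs -File -ErrorAction SilentlyContinue | Where-Object LastWriteTime -gt $since) {
    $sig = Get-AuthenticodeSignature $f.FullName
    Add-Finding 'DroppedFile' $f.FullName $f.LastWriteTime ($sig.Status -ne 'Valid')
}

$findings | Sort-Object Suspect -Descending | Format-Table -AutoSize
```

The Suspect column is a prioritisation aid, not a verdict: an IFEO Debugger entry can be a developer's leftover and a freshly updated, catalog-signed system file will show as not suspect, so compare anything flagged against the sample's own hashes and against a known-good host of the same build. Run it from the live host or from an offline image with the hives loaded, and keep the output with the case since the Active Setup and IFEO entries are exactly what the "Clear Persistence" signature above says the sample later removes.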

MITRE ATT&CK Enterprise v15