General

  • Target

    913175e9e0e0224e7e699f49db6ed61ded4b87b8e66c07533d17005ed04966d8

  • Size

    71KB

  • Sample

    241114-arew4avqal

  • MD5

    b97dad59ad749963438ba6e88828ce06

  • SHA1

    6074280b4965f7da2851c01db5522341663ece6a

  • SHA256

    913175e9e0e0224e7e699f49db6ed61ded4b87b8e66c07533d17005ed04966d8

  • SHA512

    fe965f398ea79d8706bdcbb05b751bf77e0146858628bd26ca46c8a721c7e4ce3ed585adff4799f79caaf34174820eb95dfc054640e569914604fa259d3d7da6

  • SSDEEP

    1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8slf:Olg35GTslA5t3/w8u

Targets

    • Target

      913175e9e0e0224e7e699f49db6ed61ded4b87b8e66c07533d17005ed04966d8

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Event Triggered Execution: Image File Execution Options Injection

      Adversaries may establish persistence by setting a Debugger value under an Image File Execution Options (IFEO) key, so that their payload runs whenever the named executable is launched.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Indicator Removal: Clear Persistence

      Removes Image File Execution Options (IFEO) registry entries.

    • Modifies WinLogon

    • Drops file in System32 directory
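
The signatures above all leave registry traces (Active Setup StubPath, IFEO Debugger, Winlogon Shell/Userinit, security policy changes, and the later deletion of the IFEO key). The following is an added detection example, not code from the report or the sandbox: it classifies Sysmon-style registry events (Event ID 12 key create/delete, Event ID 13 value set) against those locations. The events, the GUID and the binary name `wupdmgr.exe` are constructed for illustration; the Windows Defender policy key is an assumed trigger for the "Windows security modification" signature, since the report does not say which value the sample changed.

```python
"""Flag registry events matching the persistence and defence-evasion
behaviours listed in the sandbox report (added example, constructed data)."""

# Key prefixes in Sysmon TargetObject form (no trailing backslash, because a
# Python raw string cannot end in one).
ACTIVE_SETUP = r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"
IFEO = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
WINLOGON = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
DEFENDER_POLICY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"  # assumed trigger

# Expected defaults for the Winlogon values that get hijacked; anything else is a hit.
WINLOGON_DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
}


def _under(target, prefix):
    """True if target lies below prefix (case-insensitive, whole path component)."""
    return target.lower().startswith(prefix.lower() + "\\")


def _rest(target, prefix):
    """Path below the prefix, e.g. '{GUID}\\StubPath' or 'taskmgr.exe'."""
    return target[len(prefix) + 1:]


def classify(event):
    """Return (signature, detail) for a suspicious event, or None."""
    target = event["TargetObject"]
    details = event.get("Details", "")
    if event["EventID"] == 13:  # SetValue
        if _under(target, ACTIVE_SETUP) and target.lower().endswith("\\stubpath"):
            return ("Boot or Logon Autostart Execution: Active Setup", details)
        if _under(target, IFEO) and target.lower().endswith("\\debugger"):
            return ("Event Triggered Execution: IFEO Injection", details)
        if _under(target, WINLOGON):
            default = WINLOGON_DEFAULTS.get(_rest(target, WINLOGON).lower())
            if default is not None and details.strip().lower() != default:
                return ("Modifies WinLogon", details)
        if _under(target, DEFENDER_POLICY):
            return ("Windows security modification",
                    f"{_rest(target, DEFENDER_POLICY)}={details}")
    elif event["EventID"] == 12 and event.get("EventType") == "DeleteKey":
        if _under(target, IFEO):  # persistence cleaned up after use
            return ("Indicator Removal: Clear Persistence (remove IFEO)", _rest(target, IFEO))
    return None


def audit(events):
    """Run classify() over a list of events and collect the hits in order."""
    findings = []
    for ev in events:
        hit = classify(ev)
        if hit:
            findings.append({"signature": hit[0], "target": ev["TargetObject"], "detail": hit[1]})
    return findings


# Constructed Sysmon-style events; GUID and wupdmgr.exe are hypothetical.
SAMPLE_EVENTS = [
    {"EventID": 13, "EventType": "SetValue",
     "TargetObject": ACTIVE_SETUP + r"\{9F2E3D10-0000-4AAA-8888-000000000001}\StubPath",
     "Details": r"C:\Windows\System32\wupdmgr.exe"},
    {"EventID": 13, "EventType": "SetValue",
     "TargetObject": IFEO + r"\taskmgr.exe\Debugger",
     "Details": r"C:\Windows\System32\wupdmgr.exe"},
    {"EventID": 13, "EventType": "SetValue",
     "TargetObject": WINLOGON + r"\Shell",
     "Details": r"explorer.exe,C:\Windows\System32\wupdmgr.exe"},
    {"EventID": 13, "EventType": "SetValue",  # benign: default Userinit
     "TargetObject": WINLOGON + r"\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe,"},
    {"EventID": 13, "EventType": "SetValue",
     "TargetObject": DEFENDER_POLICY + r"\DisableAntiSpyware",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 12, "EventType": "DeleteKey",
     "TargetObject": IFEO + r"\taskmgr.exe"},
    {"EventID": 13, "EventType": "SetValue",  # benign: unrelated key
     "TargetObject": r"HKCU\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@shell32.dll",
     "Details": "Windows Shell"},
]


if __name__ == "__main__":
    for f in audit(SAMPLE_EVENTS):
        print(f"{f['signature']}: {f['target']} -> {f['detail']}")
```

The Winlogon check compares against the stock values rather than alerting on every write, because installers and updates legitimately touch that key; the IFEO delete is reported as well, since a key that appears and then disappears within one execution is itself the "clear persistence" indicator.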

MITRE ATT&CK Enterprise v15