General

  • Target

    a81b318fbfd733366340305a6f77bd73e879049b26d1a5e42c3e59f424fe822e

  • Size

    34KB

  • Sample

    241114-bqeqdawkel

  • MD5

    43641196e0d4c8995133d4d3c721a0c4

  • SHA1

    422ef769e8eaf0ef26ebb71b43d3f762a25dadce

  • SHA256

    a81b318fbfd733366340305a6f77bd73e879049b26d1a5e42c3e59f424fe822e

  • SHA512

    eb00d08f1dbcf2aed302d4499d6589ff1e5f73ad7986804668d0c2a0b0c1009e2f4c556a386e4340a789098f32604e6f3c4ac286a3a66c72ae94a96a2e4f681b

  • SSDEEP

    768:tQbuQRy2UjmUndnlTttxDn+3jiSkjRY6AB7kKfYoJ+ifBEewzKOwkV:QuQRylaUDTDxDXjy6AB7koYy2TT

Malware Config

Targets

    • Target

      a81b318fbfd733366340305a6f77bd73e879049b26d1a5e42c3e59f424fe822e

    • Size

      34KB

    • MD5

      43641196e0d4c8995133d4d3c721a0c4

    • SHA1

      422ef769e8eaf0ef26ebb71b43d3f762a25dadce

    • SHA256

      a81b318fbfd733366340305a6f77bd73e879049b26d1a5e42c3e59f424fe822e

    • SHA512

      eb00d08f1dbcf2aed302d4499d6589ff1e5f73ad7986804668d0c2a0b0c1009e2f4c556a386e4340a789098f32604e6f3c4ac286a3a66c72ae94a96a2e4f681b

    • SSDEEP

      768:tQbuQRy2UjmUndnlTttxDn+3jiSkjRY6AB7kKfYoJ+ifBEewzKOwkV:QuQRylaUDTDxDXjy6AB7koYy2TT

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a subkey under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components; the command in its StubPath value is executed once for each user at that user's next logon.

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Indicator Removal: Clear Persistence

      Removes the Image File Execution Options (IFEO) registry entries it set earlier, so the persistence mechanism is no longer visible on the host after use.

    • Modifies WinLogon

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.
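The three registry persistence behaviours listed above (Active Setup, IFEO injection and its later removal, Winlogon modification) can be audited on a live host with the script below. It is an added example written for this page, not output or code from the sandbox report; the registry paths are the standard Windows locations, and the "expected" Winlogon values are the Windows defaults, which is an assumption that should be adjusted for hardened or customised builds. Run it in an elevated PowerShell session.

```powershell
# Added example, not part of the sandbox report: enumerate the registry
# persistence locations flagged in the behaviour list. Run elevated.
function Get-RegistryPersistence {
    $findings = [System.Collections.Generic.List[object]]::new()
    function Add-Finding($technique, $location, $value) {
        $findings.Add([pscustomobject]@{ Technique = $technique; Location = $location; Value = $value })
    }

    # 1. Active Setup (T1547.014): each subkey's StubPath runs once per user at
    #    next logon. Legitimate entries exist, so every StubPath is reported for review.
    $activeSetupRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
    )
    foreach ($root in $activeSetupRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $stub = (Get-ItemProperty -Path $key.PSPath).StubPath
            if ($stub) { Add-Finding 'ActiveSetup' "$root\$($key.PSChildName)" $stub }
        }
    }

    # 2. IFEO (T1546.012): a Debugger value makes Windows start the named program
    #    instead of the target; MonitorProcess under SilentProcessExit starts it
    #    when the target exits. Neither belongs on a production host.
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    foreach ($key in Get-ChildItem $ifeo -ErrorAction SilentlyContinue) {
        $dbg = (Get-ItemProperty -Path $key.PSPath).Debugger
        if ($dbg) { Add-Finding 'IFEO.Debugger' $key.PSChildName $dbg }
    }
    $spe = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit'
    foreach ($key in Get-ChildItem $spe -ErrorAction SilentlyContinue) {
        $mon = (Get-ItemProperty -Path $key.PSPath).MonitorProcess
        if ($mon) { Add-Finding 'IFEO.SilentProcessExit' $key.PSChildName $mon }
    }

    # 3. Winlogon: Shell and Userinit are executed at logon. Compare HKLM against
    #    the Windows defaults (assumed here); any HKCU value overrides for that
    #    user and is always worth a look.
    $wl = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $expected = @{ Shell = 'explorer.exe'; Userinit = 'C:\Windows\system32\userinit.exe,' }
    foreach ($name in $expected.Keys) {
        $hklm = (Get-ItemProperty -Path "HKLM:\$wl" -ErrorAction SilentlyContinue).$name
        if ($hklm -and $hklm -ne $expected[$name]) { Add-Finding 'Winlogon' "HKLM\$wl\$name" $hklm }
        $hkcu = (Get-ItemProperty -Path "HKCU:\$wl" -ErrorAction SilentlyContinue).$name
        if ($hkcu) { Add-Finding 'Winlogon' "HKCU\$wl\$name" $hkcu }
    }

    # 4. The sample also deletes its IFEO entry again (Clear Persistence), so the
    #    live check above can come up empty. If Sysmon is installed, event ID 12
    #    (registry key create/delete) still records the deletion.
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 12 } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'EventType: DeleteKey' -and $_.Message -match 'Image File Execution Options' }
    foreach ($e in $events) {
        $target = ($e.Message -split "`n" | Where-Object { $_ -match '^TargetObject' }) -join ''
        Add-Finding 'IFEO.Deleted(Sysmon12)' $e.TimeCreated $target
    }

    return $findings
}

Get-RegistryPersistence | Format-Table -AutoSize -Wrap
```

Any IFEO Debugger or MonitorProcess value and any Winlogon deviation should be treated as a finding until explained; Active Setup entries need manual triage because Windows itself ships several.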
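For the "UPX packed file" signature, the following is an added example (not part of the sandbox report) of static checks that flag a UPX-packed PE without executing it. Stock UPX leaves the section names UPX0/UPX1, a first section with zero raw size that the unpacked image is rebuilt into, a "UPX!" marker in the headers and a high-entropy section containing the entry point; a modified UPX build usually renames the sections and strips the marker, so the layout and entropy checks are what remain. The entropy threshold (7.0) and the scoring are assumptions chosen for illustration.

```powershell
# Added example, not part of the sandbox report: PE section heuristics for UPX.
function Get-ByteEntropy {
    param([byte[]]$Data)
    if ($Data.Length -eq 0) { return 0.0 }
    $counts = New-Object int[] 256
    foreach ($x in $Data) { $counts[$x]++ }
    $h = 0.0
    foreach ($c in $counts) {
        if ($c -gt 0) { $p = $c / $Data.Length; $h -= $p * [Math]::Log($p, 2) }
    }
    return [Math]::Round($h, 2)
}

function Test-UpxPacked {
    param([Parameter(Mandatory)][string]$Path)
    $b = [System.IO.File]::ReadAllBytes($Path)
    if ($b.Length -lt 0x40 -or $b[0] -ne 0x4D -or $b[1] -ne 0x5A) { throw "$Path : no MZ header" }
    $pe = [BitConverter]::ToInt32($b, 0x3C)
    if ($pe -lt 0 -or $pe + 24 -gt $b.Length -or [BitConverter]::ToUInt32($b, $pe) -ne 0x4550) { throw "$Path : no PE signature" }

    $numSections = [BitConverter]::ToUInt16($b, $pe + 6)
    $optSize     = [BitConverter]::ToUInt16($b, $pe + 20)
    $entryRva    = [BitConverter]::ToUInt32($b, $pe + 24 + 16)   # AddressOfEntryPoint, same offset in PE32 and PE32+
    $secTable    = $pe + 24 + $optSize

    # Walk the 40-byte section headers: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData.
    $sections = @(for ($i = 0; $i -lt $numSections; $i++) {
        $o = $secTable + 40 * $i
        if ($o + 40 -gt $b.Length) { break }
        $vsize = [BitConverter]::ToUInt32($b, $o + 8)
        $rva   = [BitConverter]::ToUInt32($b, $o + 12)
        $rawSz = [BitConverter]::ToUInt32($b, $o + 16)
        $rawPt = [BitConverter]::ToUInt32($b, $o + 20)
        $len   = [int][Math]::Max([long]0, [Math]::Min([long]$rawSz, [long]$b.Length - [long]$rawPt))
        $data  = New-Object byte[] $len
        if ($len -gt 0) { [Array]::Copy($b, [int]$rawPt, $data, 0, $len) }
        [pscustomobject]@{
            Name          = [System.Text.Encoding]::ASCII.GetString($b, $o, 8).TrimEnd([char]0)
            VirtualSize   = $vsize
            RawSize       = $rawSz
            Entropy       = Get-ByteEntropy $data
            HasEntryPoint = ($entryRva -ge $rva -and $entryRva -lt ($rva + [Math]::Max($vsize, $rawSz)))
        }
    })

    # Indicators: stock names, header marker, hollow first section, packed entry section.
    $upxNamed      = @($sections | Where-Object { $_.Name -match '^UPX\d$' }).Count -gt 0
    $marker        = ([System.Text.Encoding]::ASCII.GetString($b) -match 'UPX!')
    $hollowFirst   = ($sections.Count -ge 2) -and ($sections[0].RawSize -eq 0) -and ($sections[0].VirtualSize -gt 0)
    $epSection     = $sections | Where-Object HasEntryPoint | Select-Object -First 1
    $highEntropyEp = [bool]($epSection -and $epSection.Entropy -gt 7.0)   # threshold is an assumption

    $score = @($upxNamed, $marker, $hollowFirst, $highEntropyEp).Where({ $_ }).Count
    [pscustomobject]@{
        Path               = $Path
        UpxSectionNames    = $upxNamed
        UpxMarker          = $marker
        HollowFirstSection = $hollowFirst
        HighEntropyEntry   = $highEntropyEp
        Sections           = $sections
        Verdict            = if ($score -ge 2) { 'likely UPX or modified UPX' } elseif ($score -eq 1) { 'weak indicator' } else { 'no UPX indicators' }
    }
}

# Usage: Test-UpxPacked -Path .\sample.bin | Format-List
```

The section-name and marker checks catch stock UPX; the hollow-first-section and entry-point-entropy checks are what survive a renamed or patched build, which is why the verdict needs two independent indicators rather than one.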

MITRE ATT&CK Enterprise v15

Tasks