General

  • Target

    745384a157bceea6d773b8e8b329ae3d4440be3466c5873c9ac90ce97ca94667

  • Size

    21KB

  • Sample

    241117-g7nmhatemm

  • MD5

    7b8b8f1a27af3bd206e7e81748b81dc0

  • SHA1

    3f289e1051d4035d10a9de89b30fd55988953882

  • SHA256

    745384a157bceea6d773b8e8b329ae3d4440be3466c5873c9ac90ce97ca94667

  • SHA512

    3e5558a8f705d5ae08a7489eab3328f9855c500d79ffb6f06e0c1367edefceaf74bd8a576515d13f14fd91c8d24cef8bd130a8985f906020d01cc4d36f35ff70

  • SSDEEP

    384:jIz443QKj5PSEzOJS0rEPAexyQVogZrY2+7BmsnWmDFho3y25YSAM:jIUSbS0gFYPAexyQSgOj7IDBipM

Malware Config

Targets

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Indicator Removal: Clear Persistence

      Removes IFEO.

    • Modifies WinLogon

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks