General

  • Target

    92c8a42de1dd37a8e26096e300de041029594e5fb16f5ad01cadb0bace1037eb

  • Size

    81KB

  • Sample

    241117-jbcapstnft

  • MD5

    3e26f187dc7beea7d0a792a347e5ce26

  • SHA1

    4580dfccf5e0d151a5b25d87ef44d9e084083896

  • SHA256

    92c8a42de1dd37a8e26096e300de041029594e5fb16f5ad01cadb0bace1037eb

  • SHA512

    d16a6819e9b975554fc257f68cff3c299bb51a8b93933c592d9b74dac45580496c7cef6b0cd2602347bad2d36a35585c50b33983e3b3e96b7aa67e240ef99db4

  • SSDEEP

    1536:BteqGDlXvCDB04f5Gn/L8ZlALNtnd17i9wz:Olg35GTclABtnDi9wz

Malware Config

Targets

    • Target

      92c8a42de1dd37a8e26096e300de041029594e5fb16f5ad01cadb0bace1037eb

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Indicator Removal: Clear Persistence

      Removes IFEO.

    • Modifies WinLogon

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks