General

  • Target

    621f7e3d68bb323d2c15ec0fb7c0179777f043e422b50c95f63f2df7d8d98dd2N.exe

  • Size

    21KB

  • Sample

    241117-jlnrgsvejd

  • MD5

    0643c1499ac752463c8a2a73cfb48c50

  • SHA1

    376c54b1e74b5539f6fae10b88cb38f3de997ec8

  • SHA256

    621f7e3d68bb323d2c15ec0fb7c0179777f043e422b50c95f63f2df7d8d98dd2

  • SHA512

    04a88bb1ca4f3fb5dca75f5b224640eae6f71c18f740b7714a3fd2eb92f15720b0f6fb72e2a4d73821dc9c6e6b2963adecf246a40ff3700e5ab75563ba8cc1fe

  • SSDEEP

    384:UBWoC5GDr6wc/w3HgM6vDUTAXBGCVf4WVlFvX8Mb7a6hNOQ:rRkiLw3HsDSARGG/MMb7rnOQ

Malware Config

Targets

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Indicator Removal: Clear Persistence

      Removes IFEO (Image File Execution Options) registry entries.

    • Modifies WinLogon

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks