General

  • Target

    a273e0b37fa8415a307fbc9fc6d5f035f590ae555603b0247a70a259ac7bdb65N.exe

  • Size

    88KB

  • Sample

    241117-kjld1svpas

  • MD5

    2598a89ce47ecce4e09b6532b4e2bce0

  • SHA1

    400d9fe7114b24ea015ace7a947f366ab29604ca

  • SHA256

    a273e0b37fa8415a307fbc9fc6d5f035f590ae555603b0247a70a259ac7bdb65

  • SHA512

    8b14d4aeda3d9c34a35164181b1bd1a4cc8a7d7217ef4dc9d98b42202ef868e6910491ef4acbc8803aa61c194161853571f74a2b0ce3567d95e0350ba1c6349c

  • SSDEEP

    1536:x0Y9WV32pau5gV62++Kf/vw/d5Uh4AGB+:x0wQ32Qu5A62++Kf/Y/d5Uh4AL

Targets

    • Target

      a273e0b37fa8415a307fbc9fc6d5f035f590ae555603b0247a70a259ac7bdb65N.exe

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Indicator Removal: Clear Persistence

      Removes IFEO (Image File Execution Options) entries.

    • Modifies WinLogon

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15