General

  • Target

    c09e1a35ea35ccb0436ae3f732c53e79f7e916c62a031d2a6f7a016d37a599f3

  • Size

    49KB

  • Sample

    241117-kwa4tazrbm

  • MD5

    95adad2137b3f9e67fa6b15143dec0a7

  • SHA1

    26462e254869ecfd4a68c95e0523216c54544098

  • SHA256

    c09e1a35ea35ccb0436ae3f732c53e79f7e916c62a031d2a6f7a016d37a599f3

  • SHA512

    51b5562358c0963883f914c3b9f11cdfe85b1e19d13b6fbfa599d826c033404b098e358606145829b2f05e913ec0210af432a52c809373ca312234be3916726a

  • SSDEEP

    768:jIUidxNet9ygRCmpTtlXTXmJPcRjwnU/AfzJU+NqEFlLKLNzHryi:jrPt1XDmJkiNLuZrryi

Malware Config

Targets

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Indicator Removal: Clear Persistence

      Removes IFEO (Image File Execution Options) entries.

    • Modifies WinLogon

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks