General

  • Target

    4cb59426bfb50083d86c4bc33245d9bff2d39427f822698cb27a6ca9b7f853edN.exe

  • Size

    36KB

  • Sample

    241117-kzf48svrew

  • MD5

    0b11fdc88a892fa5ccc1f58e55d025f0

  • SHA1

    9ae33af2368fd9ab575eacd2930893f1af5ec788

  • SHA256

    4cb59426bfb50083d86c4bc33245d9bff2d39427f822698cb27a6ca9b7f853ed

  • SHA512

    38979069c6e9d714a28b10b9b1ac76fe58039d4d9084a42b0e5e241d14b6071070fb663097022502cf5daf0a0699e2b20458a16fc217c8b71e8c463e4a77e68b

  • SSDEEP

    768:sIUdWLhl/xnmbXThNN0EE2Im+GJMzwzPIN6vBaenE4Cue3uD:seL7xnmXN0jPbUzQ95TreD

Malware Config

Targets

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Indicator Removal: Clear Persistence

      Removes IFEO.

    • Modifies WinLogon

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks