General

  • Target

    4edcf75cb2ea7a2be22f72ba972d8b2749129123fb06a9cf3aa3424e0577c976N.exe

  • Size

    49KB

  • Sample

    241117-q3ey8s1fnm

  • MD5

    99db74e6b8f17f919042a9b8c3ddbfa0

  • SHA1

    dcf14d5f246d649e3e781d43088f9d61bea83dd5

  • SHA256

    4edcf75cb2ea7a2be22f72ba972d8b2749129123fb06a9cf3aa3424e0577c976

  • SHA512

    7083b0af9d7e56011ec79157b77283f458e97f87ebdb74bd8257511cb9a5fce85ba590ea729ee58b51f453213175a07579763bb4d0bba86967d1fdd1cb29f75a

  • SSDEEP

    768:jIUWEPjngBnD/nrpPlOs6tSTMHhORSkVZWodeYmPVIdJ:jsAnGj9PkLST+WSkVZWycPVKJ

Malware Config

Targets

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Indicator Removal: Clear Persistence

      Removes IFEO (Image File Execution Options) entries.

    • Modifies WinLogon

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks