General
-
Target
f7c76bf1ebecdb528102af8ab268426a9b1ea49f3b2810c0b9095abc9a08e7ceN.exe
-
Size
33KB
-
Sample
241119-rdt8as1qfm
-
MD5
bf32cec5dfaf81964dfc0b0f0b4b2c20
-
SHA1
338b25ffa4c2b2fc172aeb41e05105b8f3cf2e06
-
SHA256
f7c76bf1ebecdb528102af8ab268426a9b1ea49f3b2810c0b9095abc9a08e7ce
-
SHA512
9aff436852c333b6535fcd4b20c9be6f9d2319faf99ea00f5f3d5500ad9ba09351563e5ebb10ceac406e53e582f564a979bc7d80dddad74f238e4cb60ea115ad
-
SSDEEP
768:UEzNbLcQ9qQuVriDMuyuruTD0qB77777J77c77c77c7nOTBI/M+:l3h9qQA6hZunrB77777J77c77c77c7OW
Malware Config
Targets
-
-
Target
f7c76bf1ebecdb528102af8ab268426a9b1ea49f3b2810c0b9095abc9a08e7ceN.exe
-
Size
33KB
-
MD5
bf32cec5dfaf81964dfc0b0f0b4b2c20
-
SHA1
338b25ffa4c2b2fc172aeb41e05105b8f3cf2e06
-
SHA256
f7c76bf1ebecdb528102af8ab268426a9b1ea49f3b2810c0b9095abc9a08e7ce
-
SHA512
9aff436852c333b6535fcd4b20c9be6f9d2319faf99ea00f5f3d5500ad9ba09351563e5ebb10ceac406e53e582f564a979bc7d80dddad74f238e4cb60ea115ad
-
SSDEEP
768:UEzNbLcQ9qQuVriDMuyuruTD0qB77777J77c77c77c7nOTBI/M+:l3h9qQA6hZunrB77777J77c77c77c7OW
Score10/10-
Modifies WinLogon for persistence
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
1Change Default File Association
1