General
-
Target
64fc4c4a3b1aa4fc68f6fe7ec93fca6c5e1fc3c324c91e6a381fa2e3bff118ae
-
Size
88KB
-
Sample
241120-3n66dswanf
-
MD5
d27f881e3ba08db6f564a223d983fe6b
-
SHA1
6d9f70f5afc0faad40ea8ae460df9131258de158
-
SHA256
64fc4c4a3b1aa4fc68f6fe7ec93fca6c5e1fc3c324c91e6a381fa2e3bff118ae
-
SHA512
702dc6f675b46cacdcaa10b81763cfc77b62594b47ec19b9d7e6a36448b04b3b357ed8888a2349df8ca4602ac389ef7fabdb4f608f8771be2e13871b742b4a08
-
SSDEEP
1536:suajDPMGd66ayZ/zko42j99ORmWMdvsBSTdpz5YrlcxVT2:/aXEQZ/zko42j99OoWyV/PT2
Malware Config
Targets
-
-
Target
64fc4c4a3b1aa4fc68f6fe7ec93fca6c5e1fc3c324c91e6a381fa2e3bff118ae
-
Size
88KB
-
MD5
d27f881e3ba08db6f564a223d983fe6b
-
SHA1
6d9f70f5afc0faad40ea8ae460df9131258de158
-
SHA256
64fc4c4a3b1aa4fc68f6fe7ec93fca6c5e1fc3c324c91e6a381fa2e3bff118ae
-
SHA512
702dc6f675b46cacdcaa10b81763cfc77b62594b47ec19b9d7e6a36448b04b3b357ed8888a2349df8ca4602ac389ef7fabdb4f608f8771be2e13871b742b4a08
-
SSDEEP
1536:suajDPMGd66ayZ/zko42j99ORmWMdvsBSTdpz5YrlcxVT2:/aXEQZ/zko42j99OoWyV/PT2
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1