General
Target: client.py
Size: 647B
Sample: 241120-yn95tssgqk
MD5: ae2b21d6b8594cb9d0d8c0adcdd3490d
SHA1: 25128e6979d4137e3f327ed259b506f01db0df7e
SHA256: 24551bdf49c9893f3bbf05e0472cedc50bdd0b923e0db8696f96c082f30785c0
SHA512: 0be6337dc641857fbc69e4a140f6e8b86494eb29ec9add1a0f3082fb5d18657c101f4f3776c3b4a0385532cd9bc106bda4065ea40c1dbfa9282f5fbea8cd7c74
Static task: static1
Behavioral task: behavioral1
- Sample: client.py
- Resource: win7-20241010-en
Behavioral task: behavioral2
- Sample: client.py
- Resource: win10v2004-20241007-en
Malware Config
Targets
Target: client.py
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking. Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Blocklisted process makes network request
- Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
- Enumerates connected drives. Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Event Triggered Execution (1)
  - Component Object Model Hijacking (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Event Triggered Execution (1)
  - Component Object Model Hijacking (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (4)