General
-
Target
8234f60cfbfae39174415f9d4abbfc21453f9f31e5548f13636ea9faa0b67820
-
Size
206KB
-
Sample
241121-bgfw3s1rhj
-
MD5
6866f46c7116c1edc78a09acb11e0e77
-
SHA1
e2d6836eb5a222a1087d463094140808758e2718
-
SHA256
8234f60cfbfae39174415f9d4abbfc21453f9f31e5548f13636ea9faa0b67820
-
SHA512
353533dcafe8196ee4fc751f5d4bc28fa23ea6318b809ec6aee74bbd462c9f1434b3b14ab00e608d9eb8be9772701b1b8e1525819c41f670e1a303b76e140e0d
-
SSDEEP
3072:5vEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6unv:5vEN2U+T6i5LirrllHy4HUcMQY6E
Malware Config
Targets
-
-
Target
8234f60cfbfae39174415f9d4abbfc21453f9f31e5548f13636ea9faa0b67820
-
Size
206KB
-
MD5
6866f46c7116c1edc78a09acb11e0e77
-
SHA1
e2d6836eb5a222a1087d463094140808758e2718
-
SHA256
8234f60cfbfae39174415f9d4abbfc21453f9f31e5548f13636ea9faa0b67820
-
SHA512
353533dcafe8196ee4fc751f5d4bc28fa23ea6318b809ec6aee74bbd462c9f1434b3b14ab00e608d9eb8be9772701b1b8e1525819c41f670e1a303b76e140e0d
-
SSDEEP
3072:5vEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6unv:5vEN2U+T6i5LirrllHy4HUcMQY6E
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
4