General
-
Target
a54efbb811ae888e3498d28d2d290e12b9217a072fb12344ea8191b9d4285571
-
Size
81KB
-
Sample
241121-er24vatjfl
-
MD5
82fc9b3db62711ab7a4dd1d0c51b4f0e
-
SHA1
58a25c31f53d72ef0ee9367c3348c002761fef0f
-
SHA256
a54efbb811ae888e3498d28d2d290e12b9217a072fb12344ea8191b9d4285571
-
SHA512
a9b5f5dfceca08b11913194a0961f871b5927bac9908cdf15d2990f6fcc94fb51773170816cfce446d28d332b29e4516920922454df693a991b01be4a2105e8e
-
SSDEEP
1536:BteqGDlXvCDB04f5Gn/L8ZlALNtnd17i9wl:Olg35GTclABtnDi9wl
Malware Config
Targets
-
-
Target
a54efbb811ae888e3498d28d2d290e12b9217a072fb12344ea8191b9d4285571
-
Size
81KB
-
MD5
82fc9b3db62711ab7a4dd1d0c51b4f0e
-
SHA1
58a25c31f53d72ef0ee9367c3348c002761fef0f
-
SHA256
a54efbb811ae888e3498d28d2d290e12b9217a072fb12344ea8191b9d4285571
-
SHA512
a9b5f5dfceca08b11913194a0961f871b5927bac9908cdf15d2990f6fcc94fb51773170816cfce446d28d332b29e4516920922454df693a991b01be4a2105e8e
-
SSDEEP
1536:BteqGDlXvCDB04f5Gn/L8ZlALNtnd17i9wl:Olg35GTclABtnDi9wl
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1