General
-
Target
25e9dbc2714ff9cb9c772f58f20d0c68ea7b07b3461a0662ddf17dcac11931a4N.exe
-
Size
48KB
-
Sample
241121-n83w5s1frb
-
MD5
6314a8724bfb3888afea7db6018864d0
-
SHA1
bbab8110bc06bb560ad9a7f5c08e3815f4188332
-
SHA256
25e9dbc2714ff9cb9c772f58f20d0c68ea7b07b3461a0662ddf17dcac11931a4
-
SHA512
db9d0f8ceb731e68b2cca2c67d9cbfeda28a481b470ef45c624970da075a87f2e228fecb01a1de6b12b9f8875e5a27be05520b7b2a4ec1f1eb947bae0ed72c14
-
SSDEEP
768:jIUi3V5kBPm9TSj1MXo2v8kziq/XDyB/Sa9f:jEV5wCSWv8im0aV
Malware Config
Targets
-
-
Target
25e9dbc2714ff9cb9c772f58f20d0c68ea7b07b3461a0662ddf17dcac11931a4N.exe
-
Size
48KB
-
MD5
6314a8724bfb3888afea7db6018864d0
-
SHA1
bbab8110bc06bb560ad9a7f5c08e3815f4188332
-
SHA256
25e9dbc2714ff9cb9c772f58f20d0c68ea7b07b3461a0662ddf17dcac11931a4
-
SHA512
db9d0f8ceb731e68b2cca2c67d9cbfeda28a481b470ef45c624970da075a87f2e228fecb01a1de6b12b9f8875e5a27be05520b7b2a4ec1f1eb947bae0ed72c14
-
SSDEEP
768:jIUi3V5kBPm9TSj1MXo2v8kziq/XDyB/Sa9f:jEV5wCSWv8im0aV
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops file in Drivers directory
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1