General
-
Target
f047245ab51de5214c3261f783d35cbf8f0433b2ceffa565aba3d71b25be579a
-
Size
68KB
-
Sample
241121-nkn33s1elg
-
MD5
7691aa28003988f89e254ed84d0d89a7
-
SHA1
4db0424907adeab1f71ca061a53fe52feddcd1bf
-
SHA256
f047245ab51de5214c3261f783d35cbf8f0433b2ceffa565aba3d71b25be579a
-
SHA512
c588fd8d211c1fa011bf515af4b849e2a9419bb6a243f2aaef116dd3311269a9d64391a274df6589118a94a2922360e9a0c56d734f85870ca2ac51fcf48b8153
-
SSDEEP
1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8MI:Olg35GTslA5t3/w8MI
Malware Config
Targets
-
-
Target
f047245ab51de5214c3261f783d35cbf8f0433b2ceffa565aba3d71b25be579a
-
Size
68KB
-
MD5
7691aa28003988f89e254ed84d0d89a7
-
SHA1
4db0424907adeab1f71ca061a53fe52feddcd1bf
-
SHA256
f047245ab51de5214c3261f783d35cbf8f0433b2ceffa565aba3d71b25be579a
-
SHA512
c588fd8d211c1fa011bf515af4b849e2a9419bb6a243f2aaef116dd3311269a9d64391a274df6589118a94a2922360e9a0c56d734f85870ca2ac51fcf48b8153
-
SSDEEP
1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8MI:Olg35GTslA5t3/w8MI
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1