General
-
Target
sample
-
Size
19KB
-
Sample
241121-st8lasxpam
-
MD5
68628bcef9e9d2249327186618941e46
-
SHA1
2f2f8cd52577f1b07c3ac227e8695dc1a4491926
-
SHA256
57b5412593ff199f62558b540e70d371fecd7cdf4173af9c42d792bb7282e37a
-
SHA512
d30f262138a17e0c94737341e3be6403742fc8b5f2dd92265c81cc117a4fa9d43d11ba99db7c923fae56aeebe2bde1df277c1c4d8d351815b7b5480371f6dd2c
-
SSDEEP
384:r5t41ocy4A4lbGadD8vhpNLlR4p7RlObz6r0sZTL2f11xCejiw:r5y1ocy4vEaR8JpNBRdbz6r0sZTLUzxN
Static task
static1
Behavioral task
behavioral1
Sample
sample.html
Resource
win11-20241007-en
Malware Config
Targets
Target
sample
-
Score
10/10
-
Modifies WinLogon for persistence
-
Disables RegEdit via registry modification
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Boot or Logon Autostart Execution (1)
Winlogon Helper DLL (1)
Defense Evasion
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Impair Defenses (1)
Disable or Modify Tools (1)
Modify Registry (3)