General

  • Target

    28699bc835568e4b34a52fab3ce19a81d9e4cfa375c4c6225712ba3783c88c53

  • Size

    63KB

  • Sample

    241121-zhmb9asjcl

  • MD5

    f38b77863edd34f621504f43de3f21f1

  • SHA1

    08e45197c7a96f1767fb5336ce7557a9de317c85

  • SHA256

    28699bc835568e4b34a52fab3ce19a81d9e4cfa375c4c6225712ba3783c88c53

  • SHA512

    2f6cb7b3165c4c3171c24c65b7397d22cca158599c0c8cac3fa7808529485ec872ac43df3a07d0f2cf07bc7811f35ac7b8ca0c4059a5d8434d8ef65bc6bfd549

  • SSDEEP

    768:LAUJmQCcmLCXQq6fsKiJYsIkjJVzqsVG5kuGyLddOW/CtNKB4Ejv:MUNHFKQbIkHvGtdO9K+Wv

Malware Config

Targets

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Indicator Removal: Clear Persistence

      Removes an Image File Execution Options (IFEO) Registry entry.

    • Modifies WinLogon

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks