General
-
Target
8af856660b172fe5f6298d92edae54536747d4be7f85021cf9e606a4ae2d991a
-
Size
70KB
-
Sample
241122-b7n1daxqaj
-
MD5
abfdd32a51fe59995e42608016333003
-
SHA1
bcb73facc6574a4976758f533aa6dda2502db830
-
SHA256
8af856660b172fe5f6298d92edae54536747d4be7f85021cf9e606a4ae2d991a
-
SHA512
b1992ea66d1157bfc0ae75a635958cd15f823fa630f7e75d321c0c690b8d0ccc4b3b74ac61811fa4b5f91a84079b73c5a07fb51e0011083c3d6676286eefa6a6
-
SSDEEP
1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw86M1:Olg35GTslA5t3/w86Y
Malware Config
Targets
-
-
Target
8af856660b172fe5f6298d92edae54536747d4be7f85021cf9e606a4ae2d991a
-
Size
70KB
-
MD5
abfdd32a51fe59995e42608016333003
-
SHA1
bcb73facc6574a4976758f533aa6dda2502db830
-
SHA256
8af856660b172fe5f6298d92edae54536747d4be7f85021cf9e606a4ae2d991a
-
SHA512
b1992ea66d1157bfc0ae75a635958cd15f823fa630f7e75d321c0c690b8d0ccc4b3b74ac61811fa4b5f91a84079b73c5a07fb51e0011083c3d6676286eefa6a6
-
SSDEEP
1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw86M1:Olg35GTslA5t3/w86Y
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1