General
-
Target
94b603e114d7ad8e79fcf84b713a2dfcef48b9f4a9e7337030490cc8b63076a4
-
Size
81KB
-
Sample
241122-cjra9sskax
-
MD5
d87ab8d71d0befcf97036180cb353779
-
SHA1
14ed86da0877d4230ca52338c6bc19ad161fb9a0
-
SHA256
94b603e114d7ad8e79fcf84b713a2dfcef48b9f4a9e7337030490cc8b63076a4
-
SHA512
790ced3ab2f043b5f8b8d027f8b436df44d39fa364a0dab51a8b9b6a0960cdae44a30fdaa2c1fc13b97d11c877bc338c3cd68bc36903bbd514fc5d0d43988cec
-
SSDEEP
1536:BteqGDlXvCDB04f5Gn/L8ZlALNtnd17i9wC:Olg35GTclABtnDi9wC
Malware Config
Targets
-
-
Target
94b603e114d7ad8e79fcf84b713a2dfcef48b9f4a9e7337030490cc8b63076a4
-
Size
81KB
-
MD5
d87ab8d71d0befcf97036180cb353779
-
SHA1
14ed86da0877d4230ca52338c6bc19ad161fb9a0
-
SHA256
94b603e114d7ad8e79fcf84b713a2dfcef48b9f4a9e7337030490cc8b63076a4
-
SHA512
790ced3ab2f043b5f8b8d027f8b436df44d39fa364a0dab51a8b9b6a0960cdae44a30fdaa2c1fc13b97d11c877bc338c3cd68bc36903bbd514fc5d0d43988cec
-
SSDEEP
1536:BteqGDlXvCDB04f5Gn/L8ZlALNtnd17i9wC:Olg35GTclABtnDi9wC
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1