General
-
Target
a682ca54976034954cf37942a5af3e8d4004fcad800ee3f0e8374b2858a312e4
-
Size
81KB
-
Sample
241122-dcn31asrcz
-
MD5
ddd373fcb79591bde864941b65d905c7
-
SHA1
32f427208c621919cc466a32cc25b462f9c02e4c
-
SHA256
a682ca54976034954cf37942a5af3e8d4004fcad800ee3f0e8374b2858a312e4
-
SHA512
c951a2ba1d7d0c08888b03ef9ab9541a72e98ddf033839df301aaf16c24540453014fb9936369d603b3a2a09af85a4012430682172757da00a9226c43c187b9c
-
SSDEEP
1536:BteqGDlXvCDB04f5Gn/L8ZlALNtnd17i9wk:Olg35GTclABtnDi9wk
Malware Config
Targets
-
-
Target
a682ca54976034954cf37942a5af3e8d4004fcad800ee3f0e8374b2858a312e4
-
Size
81KB
-
MD5
ddd373fcb79591bde864941b65d905c7
-
SHA1
32f427208c621919cc466a32cc25b462f9c02e4c
-
SHA256
a682ca54976034954cf37942a5af3e8d4004fcad800ee3f0e8374b2858a312e4
-
SHA512
c951a2ba1d7d0c08888b03ef9ab9541a72e98ddf033839df301aaf16c24540453014fb9936369d603b3a2a09af85a4012430682172757da00a9226c43c187b9c
-
SSDEEP
1536:BteqGDlXvCDB04f5Gn/L8ZlALNtnd17i9wk:Olg35GTclABtnDi9wk
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1