General

  • Target

    c010c31d3130117990b429219acdea990161f5c15f17217bf37e408739e07d2c.exe

  • Size

    30KB

  • Sample

    241122-k4km8axraw

  • MD5

    342c4c4f892f98b00b29035f9e483e10

  • SHA1

    01323c60ad0f23039a8dee51c86c550d0b971519

  • SHA256

    c010c31d3130117990b429219acdea990161f5c15f17217bf37e408739e07d2c

  • SHA512

    b7d14a3eefb27871caa5cd6550731ff30dc3e174f78d089405edefd8b9ef22f31ec47ee44bc3f12ffde5e0ea2c54cd1061eb1f41e8ff82cb73389042b682f423

  • SSDEEP

    768:tQbuQRy2UjmUndnlTttxDn+3jiSkjRY6AB7kKfYoJ+ifBEewqu:QuQRylaUDTDxDXjy6AB7koYy2Gu

Malware Config

Targets

    • Target

      c010c31d3130117990b429219acdea990161f5c15f17217bf37e408739e07d2c.exe

    • Size

      30KB

    • MD5

      342c4c4f892f98b00b29035f9e483e10

    • SHA1

      01323c60ad0f23039a8dee51c86c550d0b971519

    • SHA256

      c010c31d3130117990b429219acdea990161f5c15f17217bf37e408739e07d2c

    • SHA512

      b7d14a3eefb27871caa5cd6550731ff30dc3e174f78d089405edefd8b9ef22f31ec47ee44bc3f12ffde5e0ea2c54cd1061eb1f41e8ff82cb73389042b682f423

    • SSDEEP

      768:tQbuQRy2UjmUndnlTttxDn+3jiSkjRY6AB7kKfYoJ+ifBEewqu:QuQRylaUDTDxDXjy6AB7koYy2Gu

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Indicator Removal: Clear Persistence

      remove IFEO.

    • Modifies WinLogon

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks