General
-
Target
afcc2e8247aeb05e419d75c73490a1a12809167149b4923291474db0133ce6c4.exe
-
Size
81KB
-
Sample
241122-l774csvlcm
-
MD5
c5e3582d0eb9a810089dbbf3d5dcf9cb
-
SHA1
407a1a566d75fbc2fd2ce11df7f767a74ff9be8b
-
SHA256
afcc2e8247aeb05e419d75c73490a1a12809167149b4923291474db0133ce6c4
-
SHA512
b6df05ab71a093b44a166feae046106fad2df51d76e1d17fe52f0f0f5268ffbfa5f77afb7b8e58660216f5752c8b3ca0b2f691fcec63c9018680bd857f597453
-
SSDEEP
1536:BteqGDlXvCDB04f5Gn/L8ZlALNtnd17i9wD:Olg35GTclABtnDi9wD
Malware Config
Targets
-
-
Target
afcc2e8247aeb05e419d75c73490a1a12809167149b4923291474db0133ce6c4.exe
-
Size
81KB
-
MD5
c5e3582d0eb9a810089dbbf3d5dcf9cb
-
SHA1
407a1a566d75fbc2fd2ce11df7f767a74ff9be8b
-
SHA256
afcc2e8247aeb05e419d75c73490a1a12809167149b4923291474db0133ce6c4
-
SHA512
b6df05ab71a093b44a166feae046106fad2df51d76e1d17fe52f0f0f5268ffbfa5f77afb7b8e58660216f5752c8b3ca0b2f691fcec63c9018680bd857f597453
-
SSDEEP
1536:BteqGDlXvCDB04f5Gn/L8ZlALNtnd17i9wD:Olg35GTclABtnDi9wD
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1