General
-
Target
bc80027b9421054910b56445bb8d992e906a1ee4f0f37e3da1794a6e2f468776N.exe
-
Size
124KB
-
Sample
241126-bflqyaspbk
-
MD5
7301a13438e193ea4b7aadf5aad3b6f0
-
SHA1
25494de14aaebabdbc4ffbf6e5d999cc1cd85cfa
-
SHA256
bc80027b9421054910b56445bb8d992e906a1ee4f0f37e3da1794a6e2f468776
-
SHA512
c8cd44e770d958cc5080870f62ad495c37be09c4bdba9607b9731a37fdbe2f725ab362ac911f75b54032c93f739251d1671ff282a7d2053066aa968039e58239
-
SSDEEP
1536:JFq8QHPxGOETRmXknwIE5HpYFVL1tQnO1I4/3cJkobihyCe:LSPxGOETYSEvIPeO1IOcJRbx
Malware Config
Targets
-
-
Target
bc80027b9421054910b56445bb8d992e906a1ee4f0f37e3da1794a6e2f468776N.exe
-
Size
124KB
-
MD5
7301a13438e193ea4b7aadf5aad3b6f0
-
SHA1
25494de14aaebabdbc4ffbf6e5d999cc1cd85cfa
-
SHA256
bc80027b9421054910b56445bb8d992e906a1ee4f0f37e3da1794a6e2f468776
-
SHA512
c8cd44e770d958cc5080870f62ad495c37be09c4bdba9607b9731a37fdbe2f725ab362ac911f75b54032c93f739251d1671ff282a7d2053066aa968039e58239
-
SSDEEP
1536:JFq8QHPxGOETRmXknwIE5HpYFVL1tQnO1I4/3cJkobihyCe:LSPxGOETYSEvIPeO1IOcJRbx
Score10/10-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Sets service image path in registry
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
3Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
3Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
4