General
-
Target
Insta乗っ取り.exe
-
Size
12.8MB
-
Sample
241126-p2zrksyjcl
-
MD5
82257be1736aee6d3ef49de226f11671
-
SHA1
84c4dc5aca17f73938a52301838efc3a2708f029
-
SHA256
b3f6008da82dde6bb604020a51b04580e7de9a4024ffbaceb9d2720164ff58f8
-
SHA512
a0cc1eaf7c557c004178f16ecf0f1a89d4a35f0102ca409850236159a21c152a89ede9d5ff65c8b395326aa1c14e8934311a8f67aec099aed5836fbedc4743f7
-
SSDEEP
393216:0Yzlg4gehlYs4S1sow440korYO+BJCW2:1l3MoJvrYOkg
Malware Config
Targets
-
-
Target
Insta乗っ取り.exe
-
Size
12.8MB
-
MD5
82257be1736aee6d3ef49de226f11671
-
SHA1
84c4dc5aca17f73938a52301838efc3a2708f029
-
SHA256
b3f6008da82dde6bb604020a51b04580e7de9a4024ffbaceb9d2720164ff58f8
-
SHA512
a0cc1eaf7c557c004178f16ecf0f1a89d4a35f0102ca409850236159a21c152a89ede9d5ff65c8b395326aa1c14e8934311a8f67aec099aed5836fbedc4743f7
-
SSDEEP
393216:0Yzlg4gehlYs4S1sow440korYO+BJCW2:1l3MoJvrYOkg
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Possible privilege escalation attempt
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Account Manipulation
1Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Account Manipulation
1Boot or Logon Autostart Execution
1Winlogon Helper DLL
1