General
-
Target
88eaa3c9b225811421a5e00376e452c9826d29e98c772f73e9d6be28051dcfc6.exe
-
Size
80KB
-
Sample
241203-t4hcjatlcz
-
MD5
20a45d9ae451382a786fd41e3360ae2e
-
SHA1
4031c1473794671edbe1caebcacf5aeff4d6955b
-
SHA256
88eaa3c9b225811421a5e00376e452c9826d29e98c772f73e9d6be28051dcfc6
-
SHA512
b5f1ee0c8049be04f8be61fd28b973a9b0950d7de79952d85701964af574594909d022cb8a114990ff69454fdbc9aeaaddc612cf20572e2005210be3cf92360f
-
SSDEEP
1536:BteqGDlXvCDB04f5Gn/L8ZlALNtnd1bKwf/:ulg35GTclABtnzKwf/
Malware Config
Targets
-
-
Target
88eaa3c9b225811421a5e00376e452c9826d29e98c772f73e9d6be28051dcfc6.exe
-
Size
80KB
-
MD5
20a45d9ae451382a786fd41e3360ae2e
-
SHA1
4031c1473794671edbe1caebcacf5aeff4d6955b
-
SHA256
88eaa3c9b225811421a5e00376e452c9826d29e98c772f73e9d6be28051dcfc6
-
SHA512
b5f1ee0c8049be04f8be61fd28b973a9b0950d7de79952d85701964af574594909d022cb8a114990ff69454fdbc9aeaaddc612cf20572e2005210be3cf92360f
-
SSDEEP
1536:BteqGDlXvCDB04f5Gn/L8ZlALNtnd1bKwf/:ulg35GTclABtnzKwf/
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1