General
-
Target
60c1cc46d5ec91b74a50e30586d7f36400a9de9455a9c10b514a1863093efea8.exe
-
Size
22KB
-
Sample
241203-v5brta1nam
-
MD5
823a28017a472ca3bbdec3f49421f898
-
SHA1
843d2818e3ae23bc845e0b4917eee11d8ba25d5f
-
SHA256
60c1cc46d5ec91b74a50e30586d7f36400a9de9455a9c10b514a1863093efea8
-
SHA512
6f49418ccfe7a03fea6247aaf618a9188a578a3654acab6f70f0cbe8f53971ce92c77436379cbb4735168e982eaff4f8872bc694f5e9bfbb660950ff5cbfc6f6
-
SSDEEP
384:UBWoC5GDr6wc/w3HgM6vDUTAXBGCVf4WVlFvXk284EjIm1V:rRkiLw3HsDSARGG/+4EjH
Malware Config
Targets
-
-
Target
60c1cc46d5ec91b74a50e30586d7f36400a9de9455a9c10b514a1863093efea8.exe
-
Size
22KB
-
MD5
823a28017a472ca3bbdec3f49421f898
-
SHA1
843d2818e3ae23bc845e0b4917eee11d8ba25d5f
-
SHA256
60c1cc46d5ec91b74a50e30586d7f36400a9de9455a9c10b514a1863093efea8
-
SHA512
6f49418ccfe7a03fea6247aaf618a9188a578a3654acab6f70f0cbe8f53971ce92c77436379cbb4735168e982eaff4f8872bc694f5e9bfbb660950ff5cbfc6f6
-
SSDEEP
384:UBWoC5GDr6wc/w3HgM6vDUTAXBGCVf4WVlFvXk284EjIm1V:rRkiLw3HsDSARGG/+4EjH
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops file in Drivers directory
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1