General
-
Target
The-MALWARE-Repo-master.zip
-
Size
198.8MB
-
Sample
241213-z9npdsynb1
-
MD5
af60ad5b6cafd14d7ebce530813e68a0
-
SHA1
ad81b87e7e9bbc21eb93aca7638d827498e78076
-
SHA256
b7dd3bce3ebfbc2d5e3a9f00d47f27cb6a5895c4618c878e314e573a7c216df1
-
SHA512
81314363d5d461264ed5fdf8a7976f97bceb5081c374b4ee6bbea5d8ce3386822d089d031234ddd67c5077a1cc1ed3f6b16139253fbb1b3d34d3985f9b97aba3
-
SSDEEP
6291456:wNl3aFW2h9/fiTwCzCLS6iilVkLZgAEtknRzq:wDaFd//Orcpi4VkL6AfRG
Malware Config
Extracted
njrat
0.7d
Geforce
startitit2-23969.portmap.host:1604
b9584a316aeb9ca9b31edd4db18381f5
-
reg_key
b9584a316aeb9ca9b31edd4db18381f5
-
splitter
Y262SUCZ4UJJ
Extracted
remcos
1.7 Pro
Host
nickman12-46565.portmap.io:46565
nickman12-46565.portmap.io:1735
-
audio_folder
audio
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
5
-
copy_file
Userdata.exe
-
copy_folder
Userdata
-
delete_file
true
-
hide_file
true
-
hide_keylog_file
true
-
install_flag
true
-
install_path
%WinDir%\System32
-
keylog_crypt
true
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%WinDir%\System32
-
mouse_option
false
-
mutex
remcos_vcexssuhap
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screens
-
screenshot_path
%AppData%
-
screenshot_time
1
-
startup_value
remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Extracted
revengerat
Guest
0.tcp.ngrok.io:19521
RV_MUTEX
Targets
-
-
Target
The-MALWARE-Repo-master/Trojan/WindowsXPHorrorEdition.txt
-
Size
123B
-
MD5
49f5ddbf0748e69f30a2909276418311
-
SHA1
c3205cccffe909f2a60560d6179cc096d4907386
-
SHA256
1e9637fc91b1fe4a13401c4bbb1919f0fc951c55b8d120df51854df02f8fcd6d
-
SHA512
dc741df9988212c362315d82a686dc0b4085890cdccce98bda8ec617a671b737f954b4530a424816cf5fb3affe3355022b1b1acae16fbd7dea33adac7cec80c8
Score3/10 -
-
-
Target
The-MALWARE-Repo-master/Trojan/XCSSETMacMalware/TrojanSpy.MacOS.XCSSET.A.6fa938770e83ef2e177e8adf4a2ea3d2d5b26107c30f9d85c3d1a557db2aed41
-
Size
2KB
-
MD5
3b0257a1a7e8b7e66840888db18be1cd
-
SHA1
c65988d03ad13a0bf889cddeacde3ba1638bd77b
-
SHA256
6fa938770e83ef2e177e8adf4a2ea3d2d5b26107c30f9d85c3d1a557db2aed41
-
SHA512
f6beeecee684f4a089b785c956aa614d3e467476edd88c4e6304f97f2ece73432bb4279b0fef210bd9faed380ff3a350e27ea4198473d9503adb2a96414b0a0c
Score3/10 -
-
-
Target
The-MALWARE-Repo-master/Trojan/Zika.exe
-
Size
5.6MB
-
MD5
40228458ca455d28e33951a2f3844209
-
SHA1
86165eb8eb3e99b6efa25426508a323be0e68a44
-
SHA256
1a904494bb7a21512af6013fe65745e7898cdd6fadac8cb58be04e02346ed95f
-
SHA512
da62cc244f9924444c7cb4fdbd46017c65e6130d639f6696f7930d867017c211df8b18601bfdaaee65438cee03977848513d7f08987b9b945f3f05241f55ec39
-
SSDEEP
98304:Xpkr2dY/aBcjJOBHOBIQBajMtWvoJiLE1+XgRKz89G/4ZSb0Funwh6DsN2PIpCr/:Xpkr2dY/aBcjJOBHOBIQBajMtWvoJiLf
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
The-MALWARE-Repo-master/Virus/Floxif/Floxif.exe
-
Size
532KB
-
MD5
00add4a97311b2b8b6264674335caab6
-
SHA1
3688de985909cc9f9fa6e0a4f2e43d986fe6d0ec
-
SHA256
812af0ec9e1dfd8f48b47fd148bafe6eecb42d0a304bc0e4539750dd23820a7f
-
SHA512
aaf5dae929e6b5809b77b6a79ab833e548b66fb628afeb20b554d678947494a6804cb3d59bf6bbcb2b14cede1a0609aa41f8e7fe8a7999d578e8b7af7144cb70
-
SSDEEP
12288:l86GkvJFajbhjTpHjq0dfpT1Oc02XEfGdnGwVUNUnEnAE3F:l8lT9PdpwO0fkGwVUSnEnAoF
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
The-MALWARE-Repo-master/Virus/Gnil/Gnil.exe
-
Size
73KB
-
MD5
37e887b7a048ddb9013c8d2a26d5b740
-
SHA1
713b4678c05a76dbd22e6f8d738c9ef655e70226
-
SHA256
24c0638ff7571c7f4df5bcddd50bc478195823e934481fa3ee96eb1d1c4b4a1b
-
SHA512
99f74eb00c6f6d1cbecb4d88e1056222e236cb85cf2a421243b63cd481939d3c4693e08edde743722d3320c27573fbcc99bf749ff72b857831e4b6667374b8af
-
SSDEEP
1536:UGNxwGlpPADH11dcbvbc7ysHJq18/H0UMC96hIoUShbs:UGNJA73dcbvbc7jpe8/UoRhes
Score8/10-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
The-MALWARE-Repo-master/Virus/Mabezat/Mabezat.exe
-
Size
141KB
-
MD5
de8d08a3018dfe8fd04ed525d30bb612
-
SHA1
a65d97c20e777d04fb4f3c465b82e8c456edba24
-
SHA256
2ae0c4a5f1fedf964e2f8a486bf0ee5d1816aac30c889458a9ac113d13b50ceb
-
SHA512
cc4bbf71024732addda3a30a511ce33ce41cbed2d507dfc7391e8367ddf9a5c4906a57bf8310e3f6535646f6d365835c7e49b95584d1114faf2738dcb1eb451a
-
SSDEEP
3072:k8sjSpy0bShLy8gXvzJ9k8a/o3z4aBy5chynHa3Ifn9xJY:Fsjl0bu+NxjJBRhyHJfO
Score1/10 -
-
-
Target
The-MALWARE-Repo-master/Virus/WinNuke.98.exe
-
Size
32KB
-
MD5
eb9324121994e5e41f1738b5af8944b1
-
SHA1
aa63c521b64602fa9c3a73dadd412fdaf181b690
-
SHA256
2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a
-
SHA512
7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2
-
SSDEEP
384:4cr14oKDP9KDviKDeTngwz9zmDAQE4KDJKDv5KDPP4vWe:92FgwBzMAbb3
Score1/10 -
-
-
Target
The-MALWARE-Repo-master/Virus/Xpaj/xpaj.exe
-
Size
219KB
-
MD5
d5c12fcfeebbe63f74026601cd7f39b2
-
SHA1
50281de9abb1bec1b6a1f13ccd3ce3493dee8850
-
SHA256
9db7ef2d1495dba921f3084b05d95e418a16f4c5e8de93738abef2479ad5b0da
-
SHA512
132d8c08f40a578c1dc6ac029bf2a61535087ce949ff84dbec8577505c4462358a1d9ef6cd3f58078fdcae5261d7a87348a701c28ce2357f17ecc2bc9da15b4e
-
SSDEEP
6144:Gqmg/v4y/MqGs38KHF1SubUriPOKAJnP:jmgXxXGNKHC
Score7/10-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
The-MALWARE-Repo-master/Virus/Xpaj/xpajB.exe
-
Size
520KB
-
MD5
bd76fc01deed43cd6e368a1f860d44ed
-
SHA1
a2e241e9af346714e93c0600f160d05c95839768
-
SHA256
e04c85cd4bffa1f5465ff62c9baf0b29b7b2faddf7362789013fbac8c90268bf
-
SHA512
d0ebe108f5baf156ecd9e1bf41e23a76b043fcaac78ff5761fdca2740b71241bd827e861ada957891fbc426b3d7baa87d10724765c45e25f25aa7bd6d31ab4ec
-
SSDEEP
12288:Kbx6vZrcRsEQNMnnGpL0zTnPzCFjBL0C2k8apE:Kbx6vam9innGWzUB
Score7/10-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
The-MALWARE-Repo-master/Worm/Bezilom.exe
-
Size
28KB
-
MD5
8e9d7feb3b955e6def8365fd83007080
-
SHA1
df7522e270506b1a2c874700a9beeb9d3d233e23
-
SHA256
94d2b1da2c4ce7db94ee9603bc2f81386032687e7c664aff6460ba0f5dac0022
-
SHA512
4157a5628dc7f47489be2c30dbf2b14458a813eb66e942bba881615c101df25001c09afb9a54f88831fa4c1858f42d897f8f55fbf6b4c1a82d2509bd52ba1536
-
SSDEEP
384:1gc4XlUUWiY1SN6oHN64iKZz+ZBEKTzEv819YSHOuSsAR/+eR4517wNwEb:1nREWEFsI+wAJw2E
Score6/10-
Adds Run key to start application
-
-
-
Target
The-MALWARE-Repo-master/Worm/Blaster/607B60AD512C50B7D71DCCC057E85F1C
-
Size
15KB
-
MD5
607b60ad512c50b7d71dccc057e85f1c
-
SHA1
a657eb27806ffe43a0b30aa85f5c75dac0e41755
-
SHA256
3e363d76d3949cc218a83a2ee13603d643e3274d3cff71247e38b92bdb391cfa
-
SHA512
fc8035bb2c7cc28e091d5c2ae35f31771af3df5d12c54c643aff613e0483c0c82f918f78a35f09877d4f431cf9a4d2619b05ba50596d76cfa9f9c8e33a54bd7b
-
SSDEEP
192:46202U0W5+klkphhGp3KVdKIElJRBq/t/QHRzDG5VXPP:4aBLY5VdK/lJRBqt/QH85Vn
Score5/10-
Drops file in System32 directory
-
-
-
Target
The-MALWARE-Repo-master/Worm/Blaster/8676210e6246948201aa014db471de90
-
Size
6KB
-
MD5
8676210e6246948201aa014db471de90
-
SHA1
86b30d1a8b7515dcab6c8d2781b85c6983709dbf
-
SHA256
2e481059b9bc9686c676d69a80202eed5022c9a53ecd8cac215e70c601dd7fdc
-
SHA512
5130e6ea6c5e1924af7d630a7b1c6e614b1482edcad3117a8dc56371269260b97793a7ccdbf3249054815b7c3b9c364b30e73e0f8e4cc230502b01d0d2f70bda
-
SSDEEP
192:P+szB8G1PO6jgVFpXbWMBpbw/jsaW6HmI:P+szyLVFdbWsbKtWqmI
Score8/10-
Contacts a large (1661) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Adds Run key to start application
-
-
-
Target
The-MALWARE-Repo-master/Worm/Blaster/8a17f336f86e81f04d8e66fa23f9b36a
-
Size
162KB
-
MD5
8a17f336f86e81f04d8e66fa23f9b36a
-
SHA1
f9465db9573fea92a9224b7600872e8a6d864cbf
-
SHA256
93bce533854e3dd53551048403450ae1f03f44c938b1bacaf3d58c45e7e4d957
-
SHA512
7ee88762e687403ff08d27c8bbe63f0b8524af0889f34ac044c7d8e0393f8735438da88e6dcf2e0826d48dd8648a3a48fc8c68c8a4b91dd55c995af9a8c5e5e4
-
SSDEEP
3072:6bhU1YeFd+bShONEk1ee1eeeemidw4kEPHQdTUQLeosRYghjudju2fZTiusOChCW:6bhUmeFd7W1ee1eeeem+LkEPHg6osRYg
Score8/10-
Contacts a large (1661) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
The-MALWARE-Repo-master/Worm/Blaster/DComExploit.exe.vir
-
Size
36KB
-
MD5
d68cf4cb734bfad7982c692d51f9d156
-
SHA1
fe0a234405008cac811be744783a5211129faffa
-
SHA256
54143b9cd7aaf5ab164822bb905a69f88c5b54a88b48cc93114283d651edf6a9
-
SHA512
eb25366c4bbe09059040dd17ab78914ff20301a8cd283d7d550e974c423b8633d095d8a2778cfb71352d6cb005af737483b0f7e2f728c2874dc7bdcf77e0d589
-
SSDEEP
384:fqiTD8SZzK3+RsiqnZImlYEyx1ml8z0iuKo9oMbNp8SNYLJJ:3D8kK3ViqZx1MuKo9od
Score1/10 -
-
-
Target
The-MALWARE-Repo-master/Worm/Bumerang.exe
-
Size
26KB
-
MD5
b6c78677b83c0a5b02f48648a9b8e86d
-
SHA1
0d90c40d2e9e8c58c1dafb528d6eab45e15fda81
-
SHA256
706fce69fea67622b03fafb51ece076c1fdd38892318f8cce9f2ec80aabca822
-
SHA512
302acca8c5dd310f86b65104f7accd290014e38d354e97e4ffafe1702b0a13b90e4823c274b51bcc9285419e69ff7111343ac0a64fd3c8b67c48d7bbd382337b
-
SSDEEP
768:K8uYMZTBv1/nGyURhRkCxnjC0VjDT9zG:KbTpBlUnRfhfT9
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
The-MALWARE-Repo-master/Worm/Fagot.a.exe
-
Size
373KB
-
MD5
30cdab5cf1d607ee7b34f44ab38e9190
-
SHA1
d4823f90d14eba0801653e8c970f47d54f655d36
-
SHA256
1517527c1d705a6ebc6ec9194aa95459e875ac3902a9f4aab3bf24b6a6f8407f
-
SHA512
b465f3b734beaea3951ff57759f13971649b549fafca71342b52d7e74949e152c0fbafe2df40354fc00b5dc8c767f3f5c6940e4ba308888e4395d8fd21e402b3
-
SSDEEP
6144:Bjrk71gCl5D0nIMpAP40ShG4TmvgFNwUQs4zTBrgDYZJPSLJXaUtjk10he1:S79l5DixAPzwjegFNwVJzTLPSLJXT
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Boot or Logon Autostart Execution: Port Monitors
Adversaries may use port monitors to run an adversary supplied DLL during system boot for persistence or privilege escalation.
-
Event Triggered Execution: Image File Execution Options Injection
-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Boot or Logon Autostart Execution: Print Processors
Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.
-
Impair Defenses: Safe Mode Boot
-
Modifies system executable filetype association
-
Windows security modification
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Modifies WinLogon
-
Drops file in System32 directory
-
-
-
Target
The-MALWARE-Repo-master/Worm/Heap41A.exe
-
Size
451KB
-
MD5
4f30003916cc70fca3ce6ec3f0ff1429
-
SHA1
7a12afdc041a03da58971a0f7637252ace834353
-
SHA256
746153871f816ece357589b2351818e449b1beecfb21eb75a3305899ce9ae37c
-
SHA512
e679a0f4b7292aedc9cd3a33cf150312ea0b1d712dd8ae8b719dedf92cc230330862f395e4f8da21c37d55a613d82a07d28b7fe6b5db6009ba8a30396caa5029
-
SSDEEP
12288:gr3ZBIRB4heEAiRsdUaaSV2qmw0iOanTrA:8ZB2B4hlIMSIqDrA
Score8/10-
Adds policy Run key to start application
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
The-MALWARE-Repo-master/Worm/Mantas.exe
-
Size
40KB
-
MD5
53f25f98742c5114eec23c6487af624c
-
SHA1
671af46401450d6ed9c0904402391640a1bddcc2
-
SHA256
7b5dec6a48ee2114c3056f4ccb6935f3e7418ef0b0bc4a58931f2c80fc94d705
-
SHA512
f460775308b34552c930c3f256cef1069b28421673d71e3fa2712b0467485861a98285925ae49f1adea1faf59265b964c873c12a3bb5de216122ac20084e1048
-
SSDEEP
768:rz4RBkfbi/FG9Of8Ejex0a6zALVlXt32KtYFPYA3HxAnIIGSEsu:4Ciw9a8EG05zMt3jKYA3xAYns
Score6/10-
Adds Run key to start application
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
The-MALWARE-Repo-master/Worm/NadIote/Nadlote.exe
-
Size
240KB
-
MD5
57aecbcdcb3a5ad31ac07c5a62b56085
-
SHA1
a443c574f039828d237030bc18895027ca780337
-
SHA256
ab020413dce53c9d57cf22d75eaf1339d72252d5316617a935149e02fee42fd3
-
SHA512
7921f184411f898a78c7094176fa47368b1c6ba7d6a3f58df4332e6865325287f25622f1d13765fd08d499d34974461b2ee81319adc24ce3901cc72d132b3027
-
SSDEEP
6144:fFzclWnzp5DFV0FuS5hPGR/CnA1G+Ghgav/06hyTu:RcURxR/CnA0rhgaJy
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Network Share Discovery
Attempt to gather information on host network.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
-
-
Target
The-MALWARE-Repo-master/Worm/Netres.a.exe
-
Size
372KB
-
MD5
d543f8d2644b09445d9bc4a8a4b1a8c0
-
SHA1
72a7b4fb767c47f15280c053fba80de1e44d7173
-
SHA256
1c0e2b7981ffa9e86185b7a7aac93f13629d92d8f58769569483202b3a926ce5
-
SHA512
9cd77db4a1fe1f0ec7779151714371c21ed798091d9022cec6643c79b2f3c87554a0b7f01c4014e59d0d1a131922a801413d37236ef1c49506f8e1aa5b96e167
-
SSDEEP
6144:YEo6WDhsj7atyB3FATvzOdy9uyEP4TpDaO5pHCclI0SCVsMHAiBq2R:IzDhmatywCdy9uxPI75C0VVsUBq
Score3/10 -
-
-
Target
The-MALWARE-Repo-master/Worm/Nople.exe
-
Size
50KB
-
MD5
7d595027f9fdd0451b069c0c65f2a6e4
-
SHA1
a4556275c6c45e19d5b784612c68b3ad90892537
-
SHA256
d2518df72d5cce230d98a435977d9283b606a5a4cafe8cd596641f96d8555254
-
SHA512
b8f37ecc78affa30a0c7c00409f2db1e2fd031f16c530a8c1d4b4bffaa5d55ac235b11540c8a611ae1a90b748b04498e3954cfb1529236937ef693c6b20e893b
-
SSDEEP
768:7mlllC8F/EKXZ13YXcEWLwpjwRCzbaHRgIvkM:7ClCJKJRqcEiwpcsmgIvkM
Score3/10 -
-
-
Target
The-MALWARE-Repo-master/Worm/Vobfus/Vobus.exe
-
Size
384KB
-
MD5
966bb4bdfe0edb89ec2d43519c6de3af
-
SHA1
7aa402e5241ff1ca2aeabeeda8928579902ad81a
-
SHA256
ef12832d67a099282b6aad1bf2858375dd4b53c67638daf12a253bc9f918b77f
-
SHA512
71b8cf14055caee1322976dc0ac777bdd0f9058ee37d30d7967bdc28d80f66d0d478c939501be5f9c70245e5b161c69ad36721a7c6454fea9abe76786934db66
-
SSDEEP
3072:rtyFjchUoBENcPCkTaVYD3CbbTDMo6ZWbBrM/LqibDdjGRc32R7srGADv1FSJl:rqJVYD3KDN6ZWbBrM/GiDoO3IsrTvI
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
The-MALWARE-Repo-master/rogues/AdwereCleaner.exe
-
Size
190KB
-
MD5
248aadd395ffa7ffb1670392a9398454
-
SHA1
c53c140bbdeb556fca33bc7f9b2e44e9061ea3e5
-
SHA256
51290129cccca38c6e3b4444d0dfb8d848c8f3fc2e5291fc0d219fd642530adc
-
SHA512
582b917864903252731c3d0dff536d7b1e44541ee866dc20e0341cbee5450f2f0ff4d82e1eee75f770e4dad9d8b9270ab5664ffedfe21d1ad2bd7fe6bc42cf0e
-
SSDEEP
3072:15TDpNFVbxDSXJFFGhcBR1WLZ37p73G8Wn7GlDOg+ELqdSxo5XtIZjnvxRJgghaR:157TcfFPB6B3GL7g+me5aZjn5VlI9T/
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
The-MALWARE-Repo-master/rogues/SpySheriff.exe
-
Size
48KB
-
MD5
ab3e43a60f47a98962d50f2da0507df7
-
SHA1
4177228a54c15ac42855e87854d4cd9a1722fe39
-
SHA256
4f5f0d9a2b6ef077402a17136ff066dda4c8175ceb6086877aaa3570cabb638f
-
SHA512
9e3365c7860c4766091183d633462f1cc8c30d28871ae2cd8a9a086ce61c0bccf457f919db6826b708f0cf4f88e90f71185420edc4756b7d70137e2096f8797f
-
SSDEEP
768:18Gch4aqHnKckG0HrloMOInk3RicH0wDrF5X9gFEvkk3p:1hN/k/ZomkhewDR5NVvkk3p
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
8Active Setup
1Port Monitors
1Print Processors
1Registry Run Keys / Startup Folder
3Winlogon Helper DLL
2Browser Extensions
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
3Change Default File Association
1Image File Execution Options Injection
1Netsh Helper DLL
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
8Active Setup
1Port Monitors
1Print Processors
1Registry Run Keys / Startup Folder
3Winlogon Helper DLL
2Create or Modify System Process
2Windows Service
2Event Triggered Execution
3Change Default File Association
1Image File Execution Options Injection
1Netsh Helper DLL
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
3Disable or Modify System Firewall
1Disable or Modify Tools
1Safe Mode Boot
1Indicator Removal
1Clear Persistence
1Modify Registry
17Pre-OS Boot
1Bootkit
1Subvert Trust Controls
2Install Root Certificate
1SIP and Trust Provider Hijacking
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Discovery
Browser Information Discovery
1Network Service Discovery
1Network Share Discovery
1Peripheral Device Discovery
2Query Registry
6Remote System Discovery
1System Information Discovery
6System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1