General
Target: sample
Size: 270KB
Sample: 250127-sl5vfavpal
MD5: 14d0e35dad1a914432d7c9220131939a
SHA1: 87228fa78626dc81e5b3ed54f588d38cfdabb62b
SHA256: 7b51e398909cf727773a2df8ed60b9c745162e5ca76d75c02fa47f95264abd1e
SHA512: 747ae792790b2dcbcbc85c6d4d2b05ff0dbfb363ccc177d3dbbf316eda323be053045e81c10fab59f1c60c4a2a484cfa4a9a2a3fbc314237ae8515753b7129cd
SSDEEP: 3072:c9GkOIZ7aCZZtoIwwLlFpRA+JejzpzrxAF4IrwiAwtN+25/j4w6:c9GkOy7aCZZ2Iw8pRNipzrrI8K4w6
Static task: static1
Behavioral task: behavioral1
Sample: sample.html
Resource: win10ltsc2021-20250113-en
Malware Config
Targets
Modifies WinLogon for persistence
Modifies Windows Defender notification settings
Executes dropped EXE
Loads dropped DLL
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 1
    Winlogon Helper DLL: 1
  Create or Modify System Process: 1
    Windows Service: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Winlogon Helper DLL: 1
  Create or Modify System Process: 1
    Windows Service: 1