General
-
Target
123123123123212132.exe
-
Size
377KB
-
Sample
250331-sr2pzasxa1
-
MD5
ecdd3ea3b8a4f725f9062ab8858ecca7
-
SHA1
239fc6d7ad2be57d0d67c5dd827a21776acdfae5
-
SHA256
c36199992b094393c6ad3905dde59a5a484e82648c2ab0aaacc85ee2264c68aa
-
SHA512
3a2242492ba9c53f49d3ba9033b37744f8bd7e1b5fe7948ab136a50b07663f9b1d1df86b77eb25ac892faa271570ae560cb4d40d7323166faac4acdde7eda443
-
SSDEEP
6144:pH2dNCgWu23+ppotfme6VlWT8b9IKxeMlr/y01bae6Szm/X:JCxPppguPVle8IMle0ke6+A
Malware Config
Targets
-
-
Target
123123123123212132.exe
-
Size
377KB
-
MD5
ecdd3ea3b8a4f725f9062ab8858ecca7
-
SHA1
239fc6d7ad2be57d0d67c5dd827a21776acdfae5
-
SHA256
c36199992b094393c6ad3905dde59a5a484e82648c2ab0aaacc85ee2264c68aa
-
SHA512
3a2242492ba9c53f49d3ba9033b37744f8bd7e1b5fe7948ab136a50b07663f9b1d1df86b77eb25ac892faa271570ae560cb4d40d7323166faac4acdde7eda443
-
SSDEEP
6144:pH2dNCgWu23+ppotfme6VlWT8b9IKxeMlr/y01bae6Szm/X:JCxPppguPVle8IMle0ke6+A
Score10/10-
Modifies WinLogon for persistence
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
1AppInit DLLs
1Scheduled Task/Job
1Scheduled Task
1